Re: [PATCH 5.19 000/101] 5.19.13-rc1 review
From: Naresh Kamboju
Date: Thu Oct 06 2022 - 03:46:07 EST
On Wed, 5 Oct 2022 at 15:09, Feng Tang <feng.tang@xxxxxxxxx> wrote:
>
> On Tue, Oct 04, 2022 at 12:18:05PM +0530, Naresh Kamboju wrote:
> > On Mon, 3 Oct 2022 at 12:43, Greg Kroah-Hartman
> > <gregkh@xxxxxxxxxxxxxxxxxxx> wrote:
> > >
> > > This is the start of the stable review cycle for the 5.19.13 release.
> > > There are 101 patches in this series, all will be posted as a response
> > > to this one. If anyone has any issues with these being applied, please
> > > let me know.
> > >
> > > Responses should be made by Wed, 05 Oct 2022 07:07:06 +0000.
> > > Anything received after that time might be too late.
> > >
> > > The whole patch series can be found in one patch at:
> > > https://www.kernel.org/pub/linux/kernel/v5.x/stable-review/patch-5.19.13-rc1.gz
> > > or in the git tree and branch at:
> > > git://git.kernel.org/pub/scm/linux/kernel/git/stable/linux-stable-rc.git linux-5.19.y
> > > and the diffstat can be found below.
> > >
> > > thanks,
> > >
> > > greg k-h
> >
> > Results from Linaro's test farm.
> > No regressions on arm64, arm, x86_64, and i386.
> >
> > Tested-by: Linux Kernel Functional Testing <lkft@xxxxxxxxxx>
> >
> > NOTE:
> > 1) Build warning
> > 2) Boot warning on qemu-arm64 with KASAN and Kunit test
> > Suspecting one of the recent commits causing this warning and
> > need to bisect to confirm the commit id.
> > mm/slab_common: fix possible double free of kmem_cache
> > [ Upstream commit d71608a877362becdc94191f190902fac1e64d35 ]
>
> Hi Naresh Kamboju,
>
> Thanks for the report!
>
> Could you try reverting the commit and re-test it to confirm?

Anders re-ran the tests multiple times with and without the patch reverted and
was not successful in reproducing the reported problem.
Which confirms that it is not easy to reproduce.

> Also could you provide the kernel dmesg of the failure and the
> kernel config of the test?

dmesg log attached to this email.
Here is the build link,
https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/

>
> I locally pulled the linux-stable source and used QEMU to test
> it with kasan/kfence enabled, but could not reproduce it (I
> only have x86 HW at hand).
>
> > 2) Following kernel boot warning noticed on qemu-arm64 with KASAN and
> > KUNIT enabled [1]
> >
> > [ 177.651182] ------------[ cut here ]------------
> > [ 177.652217] kmem_cache_destroy test: Slab cache still has
> > objects when called from test_exit+0x28/0x40
> > [ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520
> > kmem_cache_destroy+0x1e8/0x20c
> > [ 177.666237] Modules linked in:
> > [ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B
> > 5.19.13-rc1 #1
> > [ 177.668666] Hardware name: linux,dummy-virt (DT)
> > [ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT
> > -SSBS BTYPE=--)
> > [ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c
> > [ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c
> > [ 177.691598] Call trace:
> > [ 177.692165] kmem_cache_destroy+0x1e8/0x20c
> > [ 177.693196] test_exit+0x28/0x40
> > [ 177.694158] kunit_catch_run_case+0x5c/0x120
> > [ 177.695177] kunit_try_catch_run+0x144/0x26c
> > [ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0
> > [ 177.697353] kunit_run_tests+0x374/0x750
> > [ 177.698333] __kunit_test_suites_init+0x74/0xa0
> > [ 177.699386] kunit_run_all_tests+0x160/0x380
> > [ 177.700428] kernel_init_freeable+0x32c/0x388
> > [ 177.701497] kernel_init+0x2c/0x150
> > [ 177.702347] ret_from_fork+0x10/0x20
> > [ 177.703308] ---[ end trace 0000000000000000 ]---
> >
> > [1] https://tuxapi.tuxsuite.com/v1/groups/linaro/projects/lkft/tests/2FcCyacq1SusUcnAfamULqzkdUA
>
> I also tried the reproduce command from the above link:
>
> tuxrun --runtime podman --device qemu-arm64 --kernel https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/Image.gz --modules https://builds.tuxbuild.com/2FcCwzbNgR7TlQXzJ0nu32y1CpB/modules.tar.xz --rootfs https://storage.lkft.org/rootfs/oe-kirkstone/20220824-114729/juno/lkft-tux-image-juno-20220824120304.rootfs.ext4.gz --parameters SKIPFILE=skipfile-lkft.yaml --image docker.io/lavasoftware/lava-dispatcher:2022.06 --tests kunit --timeouts boot=30
>
> Which also didn't reproduce it, but had some RCU stall problems
> (could also be related to the x86 HWs)
>
> [ 321.006279] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
> [ 321.007281] ffff0000074c2300: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
> [ 321.009283] rcu: 0-...0: (1 GPs behind) idle=40f/1/0x4000000000000000 softirq=436/437 fqs=5
>
> [ 321.024995] rcu: rcu_preempt kthread timer wakeup didn't happen for 4464 jiffies! g-207 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
> [ 321.026343] rcu: Possible timer handling issue on cpu=1 timer-softirq=1426
> [ 321.027340] rcu: rcu_preempt kthread starved for 4465 jiffies! g-207 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
> [ 321.028517] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
> [ 321.029488] rcu: RCU grace-period kthread stack dump:
> [ 321.030251] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
> [ 321.031434] Call trace:
> [ 321.031878] __switch_to+0x140/0x1e0
> [ 321.032565] __schedule+0x4f4/0xc74
> [ 321.033228] schedule+0x88/0x13c
> [ 321.033915] schedule_timeout+0x104/0x2b0
> [ 321.034646] rcu_gp_fqs_loop+0x1a0/0x784
> [ 321.035119] rcu_gp_kthread+0x278/0x3a0
> [ 321.035608] kthread+0x160/0x170
> [ 339.882465] ret_from_fork+0x10/0x20
> [ 339.883898] rcu: Stack dump where RCU GP kthread last ran:
>
> The full .xz log is attached.

Thanks for looking into this.

>
> Thanks,
> Feng

- Naresh

<6>[ 0.000000] Booting Linux on physical CPU 0x0000000000 [0x000f0510]
<5>[ 0.000000] Linux version 5.19.13-rc1 (tuxmake@tuxmake) (aarch64-linux-gnu-gcc (Debian 11.3.0-3) 11.3.0, GNU ld (GNU Binutils for Debian) 2.38.90.20220713) #1 SMP PREEMPT @1664782420
<6>[ 0.000000] Machine model: linux,dummy-virt
<6>[ 0.000000] efi: UEFI not found.
<6>[ 0.000000] NUMA: No NUMA configuration found
<6>[ 0.000000] NUMA: Faking a node at [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] NUMA: NODE_DATA [mem 0x7fdffb40-0x7fe01fff]
<6>[ 0.000000] Zone ranges:
<6>[ 0.000000] DMA [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] DMA32 empty
<6>[ 0.000000] Normal empty
<6>[ 0.000000] Movable zone start for each node
<6>[ 0.000000] Early memory node ranges
<6>[ 0.000000] node 0: [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] Initmem setup node 0 [mem 0x0000000040000000-0x000000007fffffff]
<6>[ 0.000000] cma: Reserved 32 MiB at 0x000000007cc00000
<6>[ 0.000000] kasan: KernelAddressSanitizer initialized (generic)
<6>[ 0.000000] psci: probing for conduit method from DT.
<6>[ 0.000000] psci: PSCIv1.1 detected in firmware.
<6>[ 0.000000] psci: Using standard PSCI v0.2 function IDs
<6>[ 0.000000] psci: Trusted OS migration not required
<6>[ 0.000000] psci: SMC Calling Convention v1.0
<6>[ 0.000000] percpu: Embedded 30 pages/cpu s83240 r8192 d31448 u122880
<7>[ 0.000000] pcpu-alloc: s83240 r8192 d31448 u122880 alloc=30*4096
<7>[ 0.000000] pcpu-alloc: [0] 0 [0] 1
<6>[ 0.000000] Detected PIPT I-cache on CPU0
<6>[ 0.000000] CPU features: detected: Address authentication (IMP DEF algorithm)
<6>[ 0.000000] CPU features: detected: GIC system register CPU interface
<6>[ 0.000000] CPU features: detected: Spectre-v2
<6>[ 0.000000] CPU features: detected: Spectre-v4
<6>[ 0.000000] CPU features: kernel page table isolation forced ON by KASLR
<6>[ 0.000000] CPU features: detected: Kernel page table isolation (KPTI)
<6>[ 0.000000] alternatives: patching kernel code
<6>[ 0.000000] Fallback order for Node 0: 0
<6>[ 0.000000] Built 1 zonelists, mobility grouping on. Total pages: 258048
<6>[ 0.000000] Policy zone: DMA
<5>[ 0.000000] Kernel command line: console=ttyAMA0,115200 rootwait root=/dev/vda debug verbose console_msg_format=syslog
<5>[ 0.000000] Unknown kernel command line parameters \"verbose\", will be passed to user space.
<6>[ 0.000000] Dentry cache hash table entries: 131072 (order: 8, 1048576 bytes, linear)
<6>[ 0.000000] Inode-cache hash table entries: 65536 (order: 7, 524288 bytes, linear)
<6>[ 0.000000] mem auto-init: stack:off, heap alloc:off, heap free:off
<6>[ 0.000000] Stack Depot early init allocating hash table with memblock_alloc, 8388608 bytes
<6>[ 0.000000] Memory: 737900K/1048576K available (29120K kernel code, 20624K rwdata, 21040K rodata, 30080K init, 1205K bss, 277908K reserved, 32768K cma-reserved)
<6>[ 0.000000] SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=2, Nodes=1
<6>[ 0.000000] ftrace: allocating 72326 entries in 283 pages
<6>[ 0.000000] ftrace: allocated 283 pages with 5 groups
<6>[ 0.000000] trace event string verifier disabled
<6>[ 0.000000] rcu: Preemptible hierarchical RCU implementation.
<6>[ 0.000000] rcu: RCU event tracing is enabled.
<6>[ 0.000000] rcu: RCU restricting CPUs from NR_CPUS=256 to nr_cpu_ids=2.
<6>[ 0.000000] Trampoline variant of Tasks RCU enabled.
<6>[ 0.000000] Rude variant of Tasks RCU enabled.
<6>[ 0.000000] Tracing variant of Tasks RCU enabled.
<6>[ 0.000000] rcu: RCU calculated value of scheduler-enlistment delay is 25 jiffies.
<6>[ 0.000000] rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=2
<6>[ 0.000000] NR_IRQS: 64, nr_irqs: 64, preallocated irqs: 0
<6>[ 0.000000] GICv3: 224 SPIs implemented
<6>[ 0.000000] GICv3: 0 Extended SPIs implemented
<6>[ 0.000000] Root IRQ handler: gic_handle_irq
<6>[ 0.000000] GICv3: GICv3 features: 16 PPIs
<6>[ 0.000000] GICv3: CPU0: found redistributor 0 region 0:0x00000000080a0000
<6>[ 0.000000] ITS [mem 0x08080000-0x0809ffff]
<6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Devices @47030000 (indirect, esz 8, psz 64K, shr 1)
<6>[ 0.000000] ITS@0x0000000008080000: allocated 8192 Interrupt Collections @47040000 (flat, esz 8, psz 64K, shr 1)
<6>[ 0.000000] GICv3: using LPI property table @0x0000000047050000
<6>[ 0.000000] GICv3: CPU0: using allocated LPI pending table @0x0000000047060000
<6>[ 0.000000] rcu: srcu_init: Setting srcu_struct sizes based on contention.
<6>[ 0.000000] kfence: initialized - using 2097152 bytes for 255 objects at 0x(____ptrval____)-0x(____ptrval____)
<6>[ 0.000000] arch_timer: cp15 timer(s) running at 62.50MHz (virt).
<6>[ 0.000000] clocksource: arch_sys_counter: mask: 0x1ffffffffffffff max_cycles: 0x1cd42e208c, max_idle_ns: 881590405314 ns
<6>[ 0.000102] sched_clock: 57 bits at 63MHz, resolution 16ns, wraps every 4398046511096ns
<5>[ 0.003703] random: crng init done
<6>[ 0.031225] Console: colour dummy device 80x25
<6>[ 0.041157] Calibrating delay loop (skipped), value calculated using timer frequency.. 125.00 BogoMIPS (lpj=250000)
<6>[ 0.043293] pid_max: default: 32768 minimum: 301
<6>[ 0.048068] LSM: Security Framework initializing
<6>[ 0.057274] Mount-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
<6>[ 0.057580] Mountpoint-cache hash table entries: 2048 (order: 2, 16384 bytes, linear)
<4>[ 0.135156] /cpus/cpu-map: empty cluster
<6>[ 0.176807] cblist_init_generic: Setting adjustable number of callback queues.
<6>[ 0.177189] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.186446] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.189984] cblist_init_generic: Setting shift to 1 and lim to 1.
<6>[ 0.198789] rcu: Hierarchical SRCU implementation.
<6>[ 0.198966] rcu: Max phase no-delay instances is 1000.
<6>[ 0.271478] Platform MSI: its@8080000 domain created
<6>[ 0.274373] PCI/MSI: /intc@8000000/its@8080000 domain created
<6>[ 0.276996] fsl-mc MSI: its@8080000 domain created
<6>[ 0.304913] EFI services will not be available.
<6>[ 0.313679] smp: Bringing up secondary CPUs ...
<6>[ 0.344043] Detected PIPT I-cache on CPU1
<6>[ 0.353757] GICv3: CPU1: found redistributor 1 region 0:0x00000000080c0000
<6>[ 0.355350] GICv3: CPU1: using allocated LPI pending table @0x0000000047070000
<6>[ 0.359511] CPU1: Booted secondary processor 0x0000000001 [0x000f0510]
<6>[ 0.369784] smp: Brought up 1 node, 2 CPUs
<6>[ 0.369996] SMP: Total of 2 processors activated.
<6>[ 0.370342] CPU features: detected: Branch Target Identification
<6>[ 0.370554] CPU features: detected: 32-bit EL0 Support
<6>[ 0.370683] CPU features: detected: 32-bit EL1 Support
<6>[ 0.372007] CPU features: detected: Common not Private translations
<6>[ 0.372157] CPU features: detected: CRC32 instructions
<6>[ 0.372371] CPU features: detected: Generic authentication (IMP DEF algorithm)
<6>[ 0.372504] CPU features: detected: RCpc load-acquire (LDAPR)
<6>[ 0.372628] CPU features: detected: LSE atomic instructions
<6>[ 0.372750] CPU features: detected: Privileged Access Never
<6>[ 0.372874] CPU features: detected: Random Number Generator
<6>[ 0.372994] CPU features: detected: Speculation barrier (SB)
<6>[ 0.373118] CPU features: detected: TLB range maintenance instructions
<6>[ 0.373331] CPU features: detected: Speculative Store Bypassing Safe (SSBS)
<6>[ 0.373471] CPU features: detected: Scalable Vector Extension
<6>[ 0.835200] SVE: maximum available vector length 256 bytes per vector
<6>[ 0.839284] SVE: default vector length 64 bytes per vector
<6>[ 0.869069] CPU: All CPU(s) started at EL1
<6>[ 1.009245] devtmpfs: initialized
<6>[ 1.300084] KASLR enabled
<6>[ 1.308848] clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
<6>[ 1.310182] futex hash table entries: 512 (order: 3, 32768 bytes, linear)
<6>[ 1.351214] pinctrl core: initialized pinctrl subsystem
<6>[ 1.431592] DMI not present or invalid.
<6>[ 1.465202] NET: Registered PF_NETLINK/PF_ROUTE protocol family
<6>[ 1.536141] DMA: preallocated 128 KiB GFP_KERNEL pool for atomic allocations
<6>[ 1.542351] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA pool for atomic allocations
<6>[ 1.548990] DMA: preallocated 128 KiB GFP_KERNEL|GFP_DMA32 pool for atomic allocations
<6>[ 1.552716] audit: initializing netlink subsys (disabled)
<5>[ 1.563170] audit: type=2000 audit(1.368:1): state=initialized audit_enabled=0 res=1
<6>[ 1.621231] thermal_sys: Registered thermal governor 'step_wise'
<6>[ 1.621523] thermal_sys: Registered thermal governor 'power_allocator'
<6>[ 1.625600] cpuidle: using governor menu
<6>[ 1.635726] hw-breakpoint: found 6 breakpoint and 4 watchpoint registers.
<6>[ 1.638323] ASID allocator initialised with 32768 entries
<6>[ 1.638713] HugeTLB: can optimize 4095 vmemmap pages for hugepages-1048576kB
<6>[ 1.639011] HugeTLB: can optimize 127 vmemmap pages for hugepages-32768kB
<6>[ 1.639314] HugeTLB: can optimize 7 vmemmap pages for hugepages-2048kB
<6>[ 1.639543] HugeTLB: can optimize 0 vmemmap pages for hugepages-64kB
<6>[ 1.726098] Serial: AMBA PL011 UART driver
<6>[ 2.483024] 9000000.pl011: ttyAMA0 at MMIO 0x9000000 (irq = 13, base_baud = 0) is a PL011 rev1
<6>[ 2.649542] printk: console [ttyAMA0] enabled
<6>[ 4.173689] HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
<6>[ 4.175670] HugeTLB registered 32.0 MiB page size, pre-allocated 0 pages
<6>[ 4.176873] HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
<6>[ 4.178083] HugeTLB registered 64.0 KiB page size, pre-allocated 0 pages
<6>[ 4.312525] cryptd: max_cpu_qlen set to 1000
<6>[ 4.528442] ACPI: Interpreter disabled.
<6>[ 4.902469] iommu: Default domain type: Translated
<6>[ 4.906734] iommu: DMA domain TLB invalidation policy: strict mode
<5>[ 4.971450] SCSI subsystem initialized
<7>[ 5.004354] libata version 3.00 loaded.
<6>[ 5.064847] usbcore: registered new interface driver usbfs
<6>[ 5.087776] usbcore: registered new interface driver hub
<6>[ 5.091950] usbcore: registered new device driver usb
<6>[ 5.308625] mc: Linux media interface: v0.10
<6>[ 5.316870] videodev: Linux video capture interface: v2.00
<6>[ 5.331737] pps_core: LinuxPPS API ver. 1 registered
<6>[ 5.332879] pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <giometti@xxxxxxxx>
<6>[ 5.340604] PTP clock support registered
<6>[ 5.374829] EDAC MC: Ver: 3.0.0
<6>[ 5.533580] FPGA manager framework
<6>[ 5.545477] Advanced Linux Sound Architecture Driver Initialized.
<6>[ 5.690482] vgaarb: loaded
<6>[ 5.771041] clocksource: Switched to clocksource arch_sys_counter
<5>[ 5.916665] VFS: Disk quotas dquot_6.6.0
<6>[ 5.931591] VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
<6>[ 5.984423] pnp: PnP ACPI: disabled
<6>[ 6.827452] NET: Registered PF_INET protocol family
<6>[ 6.838632] IP idents hash table entries: 16384 (order: 5, 131072 bytes, linear)
<6>[ 6.905246] tcp_listen_portaddr_hash hash table entries: 512 (order: 1, 8192 bytes, linear)
<6>[ 6.914266] Table-perturb hash table entries: 65536 (order: 6, 262144 bytes, linear)
<6>[ 6.916324] TCP established hash table entries: 8192 (order: 4, 65536 bytes, linear)
<6>[ 6.931926] TCP bind hash table entries: 8192 (order: 5, 131072 bytes, linear)
<6>[ 6.939800] TCP: Hash tables configured (established 8192 bind 8192)
<6>[ 6.963587] MPTCP token hash table entries: 1024 (order: 2, 24576 bytes, linear)
<6>[ 6.976403] UDP hash table entries: 512 (order: 2, 16384 bytes, linear)
<6>[ 6.979700] UDP-Lite hash table entries: 512 (order: 2, 16384 bytes, linear)
<6>[ 7.018191] NET: Registered PF_UNIX/PF_LOCAL protocol family
<6>[ 7.126579] RPC: Registered named UNIX socket transport module.
<6>[ 7.127920] RPC: Registered udp transport module.
<6>[ 7.128858] RPC: Registered tcp transport module.
<6>[ 7.131347] RPC: Registered tcp NFSv4.1 backchannel transport module.
<6>[ 7.132864] PCI: CLS 0 bytes, default 64
<6>[ 7.368465] hw perfevents: enabled with armv8_pmuv3 PMU driver, 5 counters available
<6>[ 7.391204] kvm [1]: HYP mode not available
<5>[ 7.610824] Initialise system trusted keyrings
<6>[ 7.637809] workingset: timestamp_bits=42 max_order=18 bucket_order=0
<6>[ 8.772820] squashfs: version 4.0 (2009/01/31) Phillip Lougher
<5>[ 8.899228] NFS: Registering the id_resolver key type
<5>[ 8.902018] Key type id_resolver registered
<5>[ 8.902985] Key type id_legacy registered
<6>[ 8.917292] nfs4filelayout_init: NFSv4 File Layout Driver Registering...
<6>[ 8.923114] nfs4flexfilelayout_init: NFSv4 Flexfile Layout Driver Registering...
<6>[ 8.959780] 9p: Installing v9fs 9p2000 file system support
<6>[ 9.143658] NET: Registered PF_ALG protocol family
<5>[ 9.149888] Key type asymmetric registered
<5>[ 9.150986] Asymmetric key parser 'x509' registered
<6>[ 9.159794] Block layer SCSI generic (bsg) driver version 0.4 loaded (major 244)
<6>[ 9.165346] io scheduler mq-deadline registered
<6>[ 9.168489] io scheduler kyber registered
<6>[ 11.150142] pl061_gpio 9030000.pl061: PL061 GPIO chip registered
<6>[ 11.542600] pci-host-generic 4010000000.pcie: host bridge /pcie@10000000 ranges:
<6>[ 11.548117] pci-host-generic 4010000000.pcie: IO 0x003eff0000..0x003effffff -> 0x0000000000
<6>[ 11.554155] pci-host-generic 4010000000.pcie: MEM 0x0010000000..0x003efeffff -> 0x0010000000
<6>[ 11.556519] pci-host-generic 4010000000.pcie: MEM 0x8000000000..0xffffffffff -> 0x8000000000
<4>[ 11.561003] pci-host-generic 4010000000.pcie: Memory resource size exceeds max for 32 bits
<6>[ 12.925046] pci-host-generic 4010000000.pcie: ECAM at [mem 0x4010000000-0x401fffffff] for [bus 00-ff]
<6>[ 12.968139] pci-host-generic 4010000000.pcie: PCI host bridge to bus 0000:00
<6>[ 12.974785] pci_bus 0000:00: root bus resource [bus 00-ff]
<6>[ 12.976230] pci_bus 0000:00: root bus resource [io 0x0000-0xffff]
<6>[ 12.982124] pci_bus 0000:00: root bus resource [mem 0x10000000-0x3efeffff]
<6>[ 12.983751] pci_bus 0000:00: root bus resource [mem 0x8000000000-0xffffffffff]
<6>[ 12.999860] pci 0000:00:00.0: [1b36:0008] type 00 class 0x060000
<6>[ 13.395054] EINJ: ACPI disabled.
<6>[ 17.324962] Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
<6>[ 17.854694] SuperH (H)SCI(F) driver initialized
<6>[ 17.944175] msm_serial: driver initialized
<4>[ 18.222144] cacheinfo: Unable to detect cache hierarchy for CPU 0
<6>[ 18.866139] loop: module loaded
<6>[ 18.872452] virtio_blk virtio0: 1/0/0 default/read/poll queues
<5>[ 18.902454] virtio_blk virtio0: [vda] 2797452 512-byte logical blocks (1.43 GB/1.33 GiB)
<6>[ 19.255536] megasas: 07.719.03.00-rc1
<5>[ 19.903938] physmap-flash 0.flash: physmap platform flash device: [mem 0x00000000-0x03ffffff]
<6>[ 19.915399] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
<6>[ 19.923403] Intel/Sharp Extended Query Table at 0x0031
<6>[ 19.928164] Using buffer write method
<7>[ 19.935382] erase region 0: offset=0x0,size=0x40000,blocks=256
<5>[ 20.509294] physmap-flash 0.flash: physmap platform flash device: [mem 0x04000000-0x07ffffff]
<6>[ 20.521810] 0.flash: Found 2 x16 devices at 0x0 in 32-bit bank. Manufacturer ID 0x000000 Chip ID 0x000000
<6>[ 20.527152] Intel/Sharp Extended Query Table at 0x0031
<6>[ 20.534854] Using buffer write method
<7>[ 20.536199] erase region 0: offset=0x0,size=0x40000,blocks=256
<5>[ 20.538813] Concatenating MTD devices:
<5>[ 20.545833] (0): \"0.flash\"
<5>[ 20.546609] (1): \"0.flash\"
<5>[ 20.547332] into device \"0.flash\"
<6>[ 22.299728] thunder_xcv, ver 1.0
<6>[ 22.304421] thunder_bgx, ver 1.0
<6>[ 22.310710] nicpf, ver 1.0
<6>[ 22.507805] hns3: Hisilicon Ethernet Network Driver for Hip08 Family - version
<6>[ 22.513331] hns3: Copyright (c) 2017 Huawei Corporation.
<6>[ 22.530321] hclge is initializing
<6>[ 22.532509] e1000: Intel(R) PRO/1000 Network Driver
<6>[ 22.541936] e1000: Copyright (c) 1999-2006 Intel Corporation.
<6>[ 22.555080] e1000e: Intel(R) PRO/1000 Network Driver
<6>[ 22.556051] e1000e: Copyright(c) 1999 - 2015 Intel Corporation.
<6>[ 22.571771] igb: Intel(R) Gigabit Ethernet Network Driver
<6>[ 22.572819] igb: Copyright (c) 2007-2014 Intel Corporation.
<6>[ 22.593977] igbvf: Intel(R) Gigabit Virtual Function Network Driver
<6>[ 22.595137] igbvf: Copyright (c) 2009 - 2012 Intel Corporation.
<6>[ 22.699193] sky2: driver version 1.30
<6>[ 22.708206] QLogic FastLinQ 4xxxx Core Module qed
<6>[ 22.713809] qede init: QLogic FastLinQ 4xxxx Ethernet Driver qede
<6>[ 22.994678] usbcore: registered new interface driver asix
<6>[ 23.002665] usbcore: registered new interface driver ax88179_178a
<6>[ 23.034268] VFIO - User Level meta-driver version: 0.3
<6>[ 23.318876] ehci_hcd: USB 2.0 'Enhanced' Host Controller (EHCI) Driver
<6>[ 23.320952] ehci-pci: EHCI PCI platform driver
<6>[ 23.333958] ehci-platform: EHCI generic platform driver
<6>[ 23.359801] ehci-orion: EHCI orion driver
<6>[ 23.384940] ehci-exynos: EHCI Exynos driver
<6>[ 23.407439] ohci_hcd: USB 1.1 'Open' Host Controller (OHCI) Driver
<6>[ 23.413695] ohci-pci: OHCI PCI platform driver
<6>[ 23.422534] ohci-platform: OHCI generic platform driver
<6>[ 23.446857] ohci-exynos: OHCI Exynos driver
<6>[ 23.515235] usbcore: registered new interface driver usb-storage
<6>[ 23.931946] rtc-pl031 9010000.pl031: registered as rtc0
<6>[ 23.935470] rtc-pl031 9010000.pl031: setting system clock to 2022-10-03T07:46:36 UTC (1664783196)
<6>[ 24.014102] i2c_dev: i2c /dev entries driver
<6>[ 25.332992] sdhci: Secure Digital Host Controller Interface driver
<6>[ 25.334619] sdhci: Copyright(c) Pierre Ossman
<6>[ 25.415733] Synopsys Designware Multimedia Card Interface Driver
<6>[ 25.698682] sdhci-pltfm: SDHCI platform and OF driver helper
<6>[ 26.025791] ledtrig-cpu: registered to indicate activity on CPUs
<6>[ 26.407670] usbcore: registered new interface driver usbhid
<6>[ 26.408848] usbhid: USB HID core driver
<6>[ 26.840347] cs_system_cfg: CoreSight Configuration manager initialised
<6>[ 27.432170] NET: Registered PF_INET6 protocol family
<6>[ 27.591988] Segment Routing with IPv6
<6>[ 27.599834] In-situ OAM (IOAM) with IPv6
<6>[ 27.614833] NET: Registered PF_PACKET protocol family
<6>[ 27.647783] 9pnet: Installing 9P2000 support
<5>[ 27.656375] Key type dns_resolver registered
<6>[ 27.788024] registered taskstats version 1
<5>[ 27.791983] Loading compiled-in X.509 certificates
<4>[ 28.185597] hrtimer: interrupt took 51928464 ns
<6>[ 30.775087] input: gpio-keys as /devices/platform/gpio-keys/input/input0
<6>[ 52.644082] ALSA device list:
<6>[ 52.644927] No soundcards found.
<6>[ 52.648264] TAP version 14
<6>[ 52.649004] 1..47
<6>[ 52.652799] # Subtest: time_test_cases
<6>[ 52.654282] 1..1
<6>[ 145.100118] ok 1 - time64_to_tm_test_date_range
<6>[ 145.102023] ok 1 - time_test_cases
<6>[ 145.110675] # Subtest: resource
<6>[ 145.110995] 1..2
<6>[ 145.128770] ok 1 - resource_test_union
<6>[ 145.146090] ok 2 - resource_test_intersection
<6>[ 145.147172] # resource: pass:2 fail:0 skip:0 total:2
<6>[ 145.148297] # Totals: pass:2 fail:0 skip:0 total:2
<6>[ 145.152185] ok 2 - resource
<6>[ 145.160304] # Subtest: sysctl_test
<6>[ 145.160627] 1..10
<6>[ 145.182651] ok 1 - sysctl_test_api_dointvec_null_tbl_data
<6>[ 145.206041] ok 2 - sysctl_test_api_dointvec_table_maxlen_unset
<6>[ 145.230054] ok 3 - sysctl_test_api_dointvec_table_len_is_zero
<6>[ 145.252378] ok 4 - sysctl_test_api_dointvec_table_read_but_position_set
<6>[ 145.279309] ok 5 - sysctl_test_dointvec_read_happy_single_positive
<6>[ 145.298700] ok 6 - sysctl_test_dointvec_read_happy_single_negative
<6>[ 145.323330] ok 7 - sysctl_test_dointvec_write_happy_single_positive
<6>[ 145.361957] ok 8 - sysctl_test_dointvec_write_happy_single_negative
<6>[ 145.413931] ok 9 - sysctl_test_api_dointvec_write_single_less_int_min
<6>[ 145.457998] ok 10 - sysctl_test_api_dointvec_write_single_greater_int_max
<6>[ 145.459438] # sysctl_test: pass:10 fail:0 skip:0 total:10
<6>[ 145.460757] # Totals: pass:10 fail:0 skip:0 total:10
<6>[ 145.462534] ok 3 - sysctl_test
<6>[ 145.482053] # Subtest: kfence
<6>[ 145.482975] 1..25
<6>[ 145.505031] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=left, cache=0
<3>[ 145.521308] ==================================================================
<3>[ 145.524993] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260
<3>[ 145.524993]
<3>[ 145.528841] Out-of-bounds read at 0x00000000a541d560 (1B left of kfence-#43):
<4>[ 145.543094] test_out_of_bounds_read+0x11c/0x260
<4>[ 145.544333] kunit_try_run_case+0x8c/0x124
<4>[ 145.545356] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.546583] kthread+0x160/0x170
<4>[ 145.547448] ret_from_fork+0x10/0x20
<3>[ 145.548394]
<4>[ 145.549067] kfence-#43: 0x00000000b43a4815-0x000000000284ca2d, size=128, cache=kmalloc-128
<4>[ 145.549067]
<4>[ 145.551274] allocated by task 185 on cpu 0 at 145.517149s:
<4>[ 145.552954] test_alloc+0x1ec/0x3f4
<4>[ 145.553990] test_out_of_bounds_read+0x108/0x260
<4>[ 145.555004] kunit_try_run_case+0x8c/0x124
<4>[ 145.555986] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.557191] kthread+0x160/0x170
<4>[ 145.560730] ret_from_fork+0x10/0x20
<3>[ 145.561728]
<3>[ 145.562423] CPU: 0 PID: 185 Comm: kunit_try_catch Not tainted 5.19.13-rc1 #1
<3>[ 145.563852] Hardware name: linux,dummy-virt (DT)
<3>[ 145.564996] ==================================================================
<6>[ 145.570745] # test_out_of_bounds_read: test_alloc: size=128, gfp=cc0, policy=right, cache=0
<3>[ 145.621986] ==================================================================
<3>[ 145.623232] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260
<3>[ 145.623232]
<3>[ 145.624790] Out-of-bounds read at 0x00000000615dec98 (128B right of kfence-#51):
<4>[ 145.626150] test_out_of_bounds_read+0x1ac/0x260
<4>[ 145.627190] kunit_try_run_case+0x8c/0x124
<4>[ 145.628185] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.629409] kthread+0x160/0x170
<4>[ 145.630277] ret_from_fork+0x10/0x20
<3>[ 145.631176]
<4>[ 145.631624] kfence-#51: 0x0000000087fb6646-0x00000000d0fc8005, size=128, cache=kmalloc-128
<4>[ 145.631624]
<4>[ 145.633149] allocated by task 185 on cpu 0 at 145.620042s:
<4>[ 145.634372] test_alloc+0x1ec/0x3f4
<4>[ 145.635345] test_out_of_bounds_read+0x198/0x260
<4>[ 145.636339] kunit_try_run_case+0x8c/0x124
<4>[ 145.637328] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.638549] kthread+0x160/0x170
<4>[ 145.639397] ret_from_fork+0x10/0x20
<3>[ 145.640285]
<3>[ 145.640900] CPU: 0 PID: 185 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 145.642354] Hardware name: linux,dummy-virt (DT)
<3>[ 145.643206] ==================================================================
<6>[ 145.658938] ok 1 - test_out_of_bounds_read
<6>[ 145.669074] # test_out_of_bounds_read-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 145.695212] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 145.857077] ==================================================================
<3>[ 145.858808] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x11c/0x260
<3>[ 145.858808]
<3>[ 145.860356] Out-of-bounds read at 0x00000000554bc340 (1B left of kfence-#96):
<4>[ 145.861618] test_out_of_bounds_read+0x11c/0x260
<4>[ 145.862640] kunit_try_run_case+0x8c/0x124
<4>[ 145.863633] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.864844] kthread+0x160/0x170
<4>[ 145.865710] ret_from_fork+0x10/0x20
<3>[ 145.866618]
<4>[ 145.867067] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test
<4>[ 145.867067]
<4>[ 145.868504] allocated by task 186 on cpu 0 at 145.855590s:
<4>[ 145.869803] test_alloc+0x1dc/0x3f4
<4>[ 145.870797] test_out_of_bounds_read+0x108/0x260
<4>[ 145.871794] kunit_try_run_case+0x8c/0x124
<4>[ 145.872771] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 145.873988] kthread+0x160/0x170
<4>[ 145.874841] ret_from_fork+0x10/0x20
<3>[ 145.875731]
<3>[ 145.876205] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 145.877631] Hardware name: linux,dummy-virt (DT)
<3>[ 145.878495] ==================================================================
<6>[ 145.882374] # test_out_of_bounds_read-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
<3>[ 146.186418] ==================================================================
<3>[ 146.187712] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1ac/0x260
<3>[ 146.187712]
<3>[ 146.189265] Out-of-bounds read at 0x000000007ae6480b (32B right of kfence-#128):
<4>[ 146.191042] test_out_of_bounds_read+0x1ac/0x260
<4>[ 146.192069] kunit_try_run_case+0x8c/0x124
<4>[ 146.193057] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.194295] kthread+0x160/0x170
<4>[ 146.195150] ret_from_fork+0x10/0x20
<3>[ 146.196048]
<4>[ 146.196497] kfence-#128: 0x00000000a622f8df-0x000000002a926c42, size=32, cache=test
<4>[ 146.196497]
<4>[ 146.197954] allocated by task 186 on cpu 0 at 146.184476s:
<4>[ 146.199169] test_alloc+0x1dc/0x3f4
<4>[ 146.200137] test_out_of_bounds_read+0x198/0x260
<4>[ 146.201130] kunit_try_run_case+0x8c/0x124
<4>[ 146.202127] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.203334] kthread+0x160/0x170
<4>[ 146.204174] ret_from_fork+0x10/0x20
<3>[ 146.205056]
<3>[ 146.205543] CPU: 0 PID: 186 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 146.206973] Hardware name: linux,dummy-virt (DT)
<3>[ 146.207819] ==================================================================
<6>[ 146.308532] ok 2 - test_out_of_bounds_read-memcache
<6>[ 146.331361] # test_out_of_bounds_write: test_alloc: size=32, gfp=cc0, policy=left, cache=0
<3>[ 146.510722] ==================================================================
<3>[ 146.512067] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0xec/0x1a4
<3>[ 146.512067]
<3>[ 146.513718] Out-of-bounds write at 0x0000000096373cb7 (1B left of kfence-#139):
<4>[ 146.515034] test_out_of_bounds_write+0xec/0x1a4
<4>[ 146.516067] kunit_try_run_case+0x8c/0x124
<4>[ 146.517114] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.518490] kthread+0x160/0x170
<4>[ 146.519372] ret_from_fork+0x10/0x20
<3>[ 146.520290]
<4>[ 146.520745] kfence-#139: 0x0000000060778e4f-0x00000000ed903925, size=32, cache=kmalloc-128
<4>[ 146.520745]
<4>[ 146.522319] allocated by task 187 on cpu 1 at 146.508136s:
<4>[ 146.523540] test_alloc+0x1ec/0x3f4
<4>[ 146.524524] test_out_of_bounds_write+0xd8/0x1a4
<4>[ 146.525540] kunit_try_run_case+0x8c/0x124
<4>[ 146.526544] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 146.527765] kthread+0x160/0x170
<4>[ 146.528648] ret_from_fork+0x10/0x20
<3>[ 146.529557]
<3>[ 146.530054] CPU: 1 PID: 187 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 146.531503] Hardware name: linux,dummy-virt (DT)
<3>[ 146.532366] ==================================================================
<6>[ 146.564765] ok 3 - test_out_of_bounds_write
<6>[ 146.577134] # test_out_of_bounds_write-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 146.592675] # test_out_of_bounds_write-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 156.602992] # test_out_of_bounds_write-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312
<3>[ 156.602992] Expected false to be true, but is false
<3>[ 156.602992]
<3>[ 156.602992] failed to allocate from KFENCE
<6>[ 156.864670] not ok 4 - test_out_of_bounds_write-memcache
<6>[ 156.883110] # test_use_after_free_read: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 156.920306] ==================================================================
<3>[ 156.921649] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0
<3>[ 156.921649]
<3>[ 156.923309] Use-after-free read at 0x00000000caed40f2 (in kfence-#161):
<4>[ 156.924510] test_use_after_free_read+0x108/0x1a0
<4>[ 156.925576] kunit_try_run_case+0x8c/0x124
<4>[ 156.926604] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.927837] kthread+0x160/0x170
<4>[ 156.928704] ret_from_fork+0x10/0x20
<3>[ 156.929633]
<4>[ 156.930097] kfence-#161: 0x00000000caed40f2-0x00000000cfe1dfed, size=32, cache=kmalloc-128
<4>[ 156.930097]
<4>[ 156.931655] allocated by task 189 on cpu 1 at 156.916196s:
<4>[ 156.932866] test_alloc+0x1ec/0x3f4
<4>[ 156.933866] test_use_after_free_read+0xd8/0x1a0
<4>[ 156.934880] kunit_try_run_case+0x8c/0x124
<4>[ 156.935869] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.937087] kthread+0x160/0x170
<4>[ 156.937954] ret_from_fork+0x10/0x20
<4>[ 156.938876]
<4>[ 156.939397] freed by task 189 on cpu 1 at 156.918656s:
<4>[ 156.940804] test_use_after_free_read+0x100/0x1a0
<4>[ 156.941846] kunit_try_run_case+0x8c/0x124
<4>[ 156.942846] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 156.944067] kthread+0x160/0x170
<4>[ 156.944953] ret_from_fork+0x10/0x20
<3>[ 156.945999]
<3>[ 156.946508] CPU: 1 PID: 189 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 156.947958] Hardware name: linux,dummy-virt (DT)
<3>[ 156.948819] ==================================================================
<6>[ 156.966907] ok 5 - test_use_after_free_read
<6>[ 156.976859] # test_use_after_free_read-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 156.992569] # test_use_after_free_read-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.027293] ==================================================================
<3>[ 157.028504] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x108/0x1a0
<3>[ 157.028504]
<3>[ 157.030132] Use-after-free read at 0x00000000c829ce1f (in kfence-#163):
<4>[ 157.031322] test_use_after_free_read+0x108/0x1a0
<4>[ 157.032362] kunit_try_run_case+0x8c/0x124
<4>[ 157.033393] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.034632] kthread+0x160/0x170
<4>[ 157.035502] ret_from_fork+0x10/0x20
<3>[ 157.036413]
<4>[ 157.036866] kfence-#163: 0x00000000c829ce1f-0x000000005e59ddd5, size=32, cache=test
<4>[ 157.036866]
<4>[ 157.038360] allocated by task 190 on cpu 0 at 157.023569s:
<4>[ 157.039585] test_alloc+0x1dc/0x3f4
<4>[ 157.040565] test_use_after_free_read+0xd8/0x1a0
<4>[ 157.041582] kunit_try_run_case+0x8c/0x124
<4>[ 157.042580] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.043799] kthread+0x160/0x170
<4>[ 157.044649] ret_from_fork+0x10/0x20
<4>[ 157.045599]
<4>[ 157.046134] freed by task 190 on cpu 0 at 157.024953s:
<4>[ 157.047551] test_use_after_free_read+0xf8/0x1a0
<4>[ 157.048566] kunit_try_run_case+0x8c/0x124
<4>[ 157.049568] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.050796] kthread+0x160/0x170
<4>[ 157.051649] ret_from_fork+0x10/0x20
<3>[ 157.052548]
<3>[ 157.053031] CPU: 0 PID: 190 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.054498] Hardware name: linux,dummy-virt (DT)
<3>[ 157.055359] ==================================================================
<6>[ 157.104441] ok 6 - test_use_after_free_read-memcache
<6>[ 157.119372] # test_double_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 157.135669] ==================================================================
<3>[ 157.137221] BUG: KFENCE: invalid free in test_double_free+0x11c/0x1b0
<3>[ 157.137221]
<3>[ 157.140413] Invalid free of 0x00000000625d21b8 (in kfence-#169):
<4>[ 157.142747] test_double_free+0x11c/0x1b0
<4>[ 157.143701] kunit_try_run_case+0x8c/0x124
<4>[ 157.144704] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.146066] kthread+0x160/0x170
<4>[ 157.146950] ret_from_fork+0x10/0x20
<3>[ 157.147863]
<4>[ 157.148317] kfence-#169: 0x00000000625d21b8-0x000000006be93155, size=32, cache=kmalloc-128
<4>[ 157.148317]
<4>[ 157.149883] allocated by task 191 on cpu 0 at 157.128703s:
<4>[ 157.151092] test_alloc+0x1ec/0x3f4
<4>[ 157.152074] test_double_free+0xdc/0x1b0
<4>[ 157.152968] kunit_try_run_case+0x8c/0x124
<4>[ 157.153970] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.155197] kthread+0x160/0x170
<4>[ 157.156047] ret_from_fork+0x10/0x20
<4>[ 157.156944]
<4>[ 157.157401] freed by task 191 on cpu 0 at 157.132322s:
<4>[ 157.158734] test_double_free+0x100/0x1b0
<4>[ 157.159642] kunit_try_run_case+0x8c/0x124
<4>[ 157.160630] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.161858] kthread+0x160/0x170
<4>[ 157.162718] ret_from_fork+0x10/0x20
<3>[ 157.163618]
<3>[ 157.164098] CPU: 0 PID: 191 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.165554] Hardware name: linux,dummy-virt (DT)
<3>[ 157.166420] ==================================================================
<6>[ 157.184528] ok 7 - test_double_free
<6>[ 157.192238] # test_double_free-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.207952] # test_double_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.247737] ==================================================================
<3>[ 157.248996] BUG: KFENCE: invalid free in test_double_free+0x110/0x1b0
<3>[ 157.248996]
<3>[ 157.250434] Invalid free of 0x0000000089e10b56 (in kfence-#175):
<4>[ 157.251576] test_double_free+0x110/0x1b0
<4>[ 157.252516] kunit_try_run_case+0x8c/0x124
<4>[ 157.253549] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.254803] kthread+0x160/0x170
<4>[ 157.255677] ret_from_fork+0x10/0x20
<3>[ 157.256598]
<4>[ 157.257056] kfence-#175: 0x0000000089e10b56-0x000000007f292b81, size=32, cache=test
<4>[ 157.257056]
<4>[ 157.258578] allocated by task 192 on cpu 1 at 157.243891s:
<4>[ 157.259806] test_alloc+0x1dc/0x3f4
<4>[ 157.260795] test_double_free+0xdc/0x1b0
<4>[ 157.261710] kunit_try_run_case+0x8c/0x124
<4>[ 157.262716] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.263947] kthread+0x160/0x170
<4>[ 157.264806] ret_from_fork+0x10/0x20
<4>[ 157.265726]
<4>[ 157.266183] freed by task 192 on cpu 1 at 157.245330s:
<4>[ 157.267559] test_double_free+0xf8/0x1b0
<4>[ 157.268546] kunit_try_run_case+0x8c/0x124
<4>[ 157.269559] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.270802] kthread+0x160/0x170
<4>[ 157.271662] ret_from_fork+0x10/0x20
<3>[ 157.272570]
<3>[ 157.273058] CPU: 1 PID: 192 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.274541] Hardware name: linux,dummy-virt (DT)
<3>[ 157.275413] ==================================================================
<6>[ 157.328503] ok 8 - test_double_free-memcache
<6>[ 157.344877] # test_invalid_addr_free: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 157.453043] ==================================================================
<3>[ 157.455019] BUG: KFENCE: invalid free in test_invalid_addr_free+0x100/0x1b0
<3>[ 157.455019]
<3>[ 157.456502] Invalid free of 0x0000000076a0b334 (in kfence-#192):
<4>[ 157.457644] test_invalid_addr_free+0x100/0x1b0
<4>[ 157.458665] kunit_try_run_case+0x8c/0x124
<4>[ 157.459674] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.460904] kthread+0x160/0x170
<4>[ 157.461785] ret_from_fork+0x10/0x20
<3>[ 157.462710]
<4>[ 157.463165] kfence-#192: 0x0000000043e4eba2-0x00000000f7ba355c, size=32, cache=kmalloc-128
<4>[ 157.463165]
<4>[ 157.464725] allocated by task 193 on cpu 1 at 157.451146s:
<4>[ 157.465938] test_alloc+0x1ec/0x3f4
<4>[ 157.466932] test_invalid_addr_free+0xdc/0x1b0
<4>[ 157.467908] kunit_try_run_case+0x8c/0x124
<4>[ 157.468895] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.470135] kthread+0x160/0x170
<4>[ 157.470990] ret_from_fork+0x10/0x20
<3>[ 157.471891]
<3>[ 157.472376] CPU: 1 PID: 193 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.473835] Hardware name: linux,dummy-virt (DT)
<3>[ 157.474709] ==================================================================
<6>[ 157.493162] ok 9 - test_invalid_addr_free
<6>[ 157.503607] # test_invalid_addr_free-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.519752] # test_invalid_addr_free-memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 157.561604] ==================================================================
<3>[ 157.562850] BUG: KFENCE: invalid free in test_invalid_addr_free+0xf4/0x1b0
<3>[ 157.562850]
<3>[ 157.564286] Invalid free of 0x000000007575d443 (in kfence-#196):
<4>[ 157.568831] test_invalid_addr_free+0xf4/0x1b0
<4>[ 157.573273] kunit_try_run_case+0x8c/0x124
<4>[ 157.574305] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.575538] kthread+0x160/0x170
<4>[ 157.576400] ret_from_fork+0x10/0x20
<3>[ 157.577327]
<4>[ 157.577786] kfence-#196: 0x00000000249aef65-0x0000000016504c7f, size=32, cache=test
<4>[ 157.577786]
<4>[ 157.579271] allocated by task 194 on cpu 0 at 157.559725s:
<4>[ 157.580493] test_alloc+0x1dc/0x3f4
<4>[ 157.581490] test_invalid_addr_free+0xdc/0x1b0
<4>[ 157.582477] kunit_try_run_case+0x8c/0x124
<4>[ 157.583468] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.585416] kthread+0x160/0x170
<4>[ 157.586294] ret_from_fork+0x10/0x20
<3>[ 157.587200]
<3>[ 157.587683] CPU: 0 PID: 194 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.589128] Hardware name: linux,dummy-virt (DT)
<3>[ 157.590009] ==================================================================
<6>[ 157.650109] ok 10 - test_invalid_addr_free-memcache
<6>[ 157.660487] # test_corruption: test_alloc: size=32, gfp=cc0, policy=left, cache=0
<3>[ 157.770968] ==================================================================
<3>[ 157.772253] BUG: KFENCE: memory corruption in test_corruption+0x110/0x228
<3>[ 157.772253]
<3>[ 157.773875] Corrupted memory at 0x000000004b7c28a2 [ ! . . . . . . . . . . . . . . . ] (in kfence-#214):
<4>[ 157.779193] test_corruption+0x110/0x228
<4>[ 157.780272] kunit_try_run_case+0x8c/0x124
<4>[ 157.781276] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.782513] kthread+0x160/0x170
<4>[ 157.783376] ret_from_fork+0x10/0x20
<3>[ 157.784277]
<4>[ 157.784727] kfence-#214: 0x00000000d6acd214-0x000000006c8b3e7d, size=32, cache=kmalloc-128
<4>[ 157.784727]
<4>[ 157.786281] allocated by task 195 on cpu 0 at 157.767848s:
<4>[ 157.787467] test_alloc+0x1ec/0x3f4
<4>[ 157.788433] test_corruption+0xdc/0x228
<4>[ 157.789468] kunit_try_run_case+0x8c/0x124
<4>[ 157.790463] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.791669] kthread+0x160/0x170
<4>[ 157.792509] ret_from_fork+0x10/0x20
<4>[ 157.793410]
<4>[ 157.793853] freed by task 195 on cpu 0 at 157.769287s:
<4>[ 157.795175] test_corruption+0x110/0x228
<4>[ 157.796215] kunit_try_run_case+0x8c/0x124
<4>[ 157.797190] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.798421] kthread+0x160/0x170
<4>[ 157.799265] ret_from_fork+0x10/0x20
<3>[ 157.800154]
<3>[ 157.800633] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.802070] Hardware name: linux,dummy-virt (DT)
<3>[ 157.802920] ==================================================================
<6>[ 157.807905] # test_corruption: test_alloc: size=32, gfp=cc0, policy=right, cache=0
<3>[ 157.875686] ==================================================================
<3>[ 157.876952] BUG: KFENCE: memory corruption in test_corruption+0x19c/0x228
<3>[ 157.876952]
<3>[ 157.878568] Corrupted memory at 0x00000000ef92165d [ ! ] (in kfence-#69):
<4>[ 157.880281] test_corruption+0x19c/0x228
<4>[ 157.881357] kunit_try_run_case+0x8c/0x124
<4>[ 157.882367] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.883592] kthread+0x160/0x170
<4>[ 157.884446] ret_from_fork+0x10/0x20
<3>[ 157.885356]
<4>[ 157.885807] kfence-#69: 0x000000006d1452b9-0x000000007ecd8566, size=32, cache=kmalloc-128
<4>[ 157.885807]
<4>[ 157.887331] allocated by task 195 on cpu 0 at 157.871996s:
<4>[ 157.888514] test_alloc+0x1ec/0x3f4
<4>[ 157.889491] test_corruption+0x168/0x228
<4>[ 157.890543] kunit_try_run_case+0x8c/0x124
<4>[ 157.891527] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.892732] kthread+0x160/0x170
<4>[ 157.893585] ret_from_fork+0x10/0x20
<4>[ 157.894501]
<4>[ 157.894944] freed by task 195 on cpu 0 at 157.873844s:
<4>[ 157.896253] test_corruption+0x19c/0x228
<4>[ 157.897304] kunit_try_run_case+0x8c/0x124
<4>[ 157.898301] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 157.899508] kthread+0x160/0x170
<4>[ 157.900351] ret_from_fork+0x10/0x20
<3>[ 157.901239]
<3>[ 157.901725] CPU: 0 PID: 195 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 157.903151] Hardware name: linux,dummy-virt (DT)
<3>[ 157.903997] ==================================================================
<6>[ 157.920805] ok 11 - test_corruption
<6>[ 157.935536] # test_corruption-memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 157.955155] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=left, cache=1
<3>[ 158.004366] ==================================================================
<3>[ 158.005682] BUG: KFENCE: memory corruption in test_corruption+0x104/0x228
<3>[ 158.005682]
<3>[ 158.007295] Corrupted memory at 0x000000001c5968bc [ ! . . . . . . . . . . . . . . . ] (in kfence-#227):
<4>[ 158.011480] test_corruption+0x104/0x228
<4>[ 158.012576] kunit_try_run_case+0x8c/0x124
<4>[ 158.013630] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.014887] kthread+0x160/0x170
<4>[ 158.015764] ret_from_fork+0x10/0x20
<3>[ 158.016685]
<4>[ 158.017144] kfence-#227: 0x000000004fd9acd3-0x00000000933444bb, size=32, cache=test
<4>[ 158.017144]
<4>[ 158.018677] allocated by task 196 on cpu 1 at 158.002424s:
<4>[ 158.019939] test_alloc+0x1dc/0x3f4
<4>[ 158.020936] test_corruption+0xdc/0x228
<4>[ 158.022000] kunit_try_run_case+0x8c/0x124
<4>[ 158.023007] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.024242] kthread+0x160/0x170
<4>[ 158.025101] ret_from_fork+0x10/0x20
<4>[ 158.026031]
<4>[ 158.026485] freed by task 196 on cpu 1 at 158.003823s:
<4>[ 158.027854] test_corruption+0x104/0x228
<4>[ 158.028912] kunit_try_run_case+0x8c/0x124
<4>[ 158.029928] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 158.031170] kthread+0x160/0x170
<4>[ 158.032029] ret_from_fork+0x10/0x20
<3>[ 158.032936]
<3>[ 158.033448] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 158.034918] Hardware name: linux,dummy-virt (DT)
<3>[ 158.035795] ==================================================================
<6>[ 158.042188] # test_corruption-memcache: test_alloc: size=32, gfp=cc0, policy=right, cache=1
<3>[ 158.110495] ==================================================================
<3>[ 158.111824] BUG: KFENCE: memory corruption in test_corruption+0x190/0x228
<3>[ 158.111824]
<3>[ 158.113469] Corrupted memory at 0x0000000033b0c4d1 [ ! ] (in kfence-#228):
<4>[ 158.115252] test_corruption+0x190/0x228
<4>[ 159.161394] kunit_try_run_case+0x8c/0x124
<4>[ 159.162566] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.163819] kthread+0x160/0x170
<4>[ 159.164690] ret_from_fork+0x10/0x20
<3>[ 159.165639]
<4>[ 159.166113] kfence-#228: 0x000000008994cb38-0x00000000c2596400, size=32, cache=test
<4>[ 159.166113]
<4>[ 159.167623] allocated by task 196 on cpu 1 at 158.106887s:
<4>[ 159.168861] test_alloc+0x1dc/0x3f4
<4>[ 159.169870] test_corruption+0x168/0x228
<4>[ 159.170942] kunit_try_run_case+0x8c/0x124
<4>[ 159.171942] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.173174] kthread+0x160/0x170
<4>[ 159.174066] ret_from_fork+0x10/0x20
<4>[ 159.174981]
<4>[ 159.175432] freed by task 196 on cpu 1 at 158.108234s:
<4>[ 159.176809] test_corruption+0x190/0x228
<4>[ 159.177887] kunit_try_run_case+0x8c/0x124
<4>[ 159.178898] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 159.180137] kthread+0x160/0x170
<4>[ 159.181000] ret_from_fork+0x10/0x20
<3>[ 159.181927]
<3>[ 159.182425] CPU: 1 PID: 196 Comm: kunit_try_catch Tainted: G B 5.19.13-rc1 #1
<3>[ 159.183897] Hardware name: linux,dummy-virt (DT)
<3>[ 159.184770] ==================================================================
<6>[ 159.282905] ok 12 - test_corruption-memcache
<6>[ 159.295095] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=right, cache=0
<6>[ 159.303452] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.305291] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=left, cache=0
<6>[ 159.512685] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.515515] # test_free_bulk: test_alloc: size=97, gfp=cc0, policy=none, cache=0
<6>[ 159.521918] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=right, cache=0
<6>[ 159.628833] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.531844] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=left, cache=0
<6>[ 162.829039] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.831288] # test_free_bulk: test_alloc: size=245, gfp=cc0, policy=none, cache=0
<6>[ 162.836448] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=right, cache=0
<6>[ 162.933225] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 162.935541] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=left, cache=0
<6>[ 163.037933] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 163.039762] # test_free_bulk: test_alloc: size=54, gfp=cc0, policy=none, cache=0
<6>[ 163.047287] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=right, cache=0
<6>[ 163.349825] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.351653] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=left, cache=0
<6>[ 163.453225] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.455650] # test_free_bulk: test_alloc: size=109, gfp=cc0, policy=none, cache=0
<6>[ 163.460892] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=right, cache=0
<6>[ 163.765793] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.767619] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=left, cache=0
<6>[ 163.869857] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.871694] # test_free_bulk: test_alloc: size=126, gfp=cc0, policy=none, cache=0
<6>[ 163.892894] ok 13 - test_free_bulk
<6>[ 163.904684] # test_free_bulk-memcache: setup_test_cache: size=223, ctor=0x0
<6>[ 163.927257] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=right, cache=1
<6>[ 163.992279] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=none, cache=1
<6>[ 164.007799] # test_free_bulk-memcache: test_alloc: size=223, gfp=cc0, policy=left, cache=1
<3>[ 176.777879] # test_free_bulk-memcache: ASSERTION FAILED at mm/kfence/kfence_test.c:312
<3>[ 176.777879] Expected false to be true, but is false
<3>[ 176.777879]
<3>[ 176.777879] failed to allocate from KFENCE
<3>[ 177.604811] =============================================================================
<3>[ 177.608387] BUG test (Tainted: G B ): Objects remaining in test on __kmem_cache_shutdown()
<3>[ 177.609927] -----------------------------------------------------------------------------
<3>[ 177.609927]
<3>[ 177.611424] Slab 0x000000009535baed objects=14 used=1 fp=0x00000000e8649a76 flags=0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 177.613882] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1
<4>[ 177.615231] Hardware name: linux,dummy-virt (DT)
<4>[ 177.616197] Call trace:
<4>[ 177.616788] dump_backtrace+0xb8/0x130
<4>[ 177.617792] show_stack+0x20/0x60
<4>[ 177.618630] dump_stack_lvl+0x8c/0xb8
<4>[ 177.619548] dump_stack+0x1c/0x38
<4>[ 177.620396] slab_err+0xa0/0xf0
<4>[ 177.621180] __kmem_cache_shutdown+0x140/0x3c0
<4>[ 177.622230] kmem_cache_destroy+0x9c/0x20c
<4>[ 177.623242] test_exit+0x28/0x40
<4>[ 177.624172] kunit_catch_run_case+0x5c/0x120
<4>[ 177.625189] kunit_try_catch_run+0x144/0x26c
<4>[ 177.626251] kunit_run_case_catch_errors+0x158/0x1e0
<4>[ 177.627359] kunit_run_tests+0x374/0x750
<4>[ 177.628316] __kunit_test_suites_init+0x74/0xa0
<4>[ 177.629376] kunit_run_all_tests+0x160/0x380
<4>[ 177.630440] kernel_init_freeable+0x32c/0x388
<4>[ 177.631517] kernel_init+0x2c/0x150
<4>[ 177.632351] ret_from_fork+0x10/0x20
<4>[ 177.633506] Disabling lock debugging due to kernel taint
<3>[ 177.634724] Object 0x00000000a1747116 @offset=2880
<4>[ 177.651182] ------------[ cut here ]------------
<4>[ 177.652217] kmem_cache_destroy test: Slab cache still has objects when called from test_exit+0x28/0x40
<4>[ 177.654849] WARNING: CPU: 0 PID: 1 at mm/slab_common.c:520 kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.666237] Modules linked in:
<4>[ 177.667325] CPU: 0 PID: 1 Comm: swapper/0 Tainted: G B 5.19.13-rc1 #1
<4>[ 177.668666] Hardware name: linux,dummy-virt (DT)
<4>[ 177.669783] pstate: 60400005 (nZCv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<4>[ 177.671120] pc : kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.672217] lr : kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.673302] sp : ffff8000080876f0
<4>[ 177.674013] x29: ffff8000080876f0 x28: ffffb5ed1da56f38 x27: ffffb5ed1a87b480
<4>[ 177.676478] x26: ffff800008087aa0 x25: ffff800008087ac8 x24: ffff00000c73b480
<4>[ 177.678215] x23: 000000004c800000 x22: ffffb5ed1eca3000 x21: ffffb5ed1da381f0
<4>[ 177.679873] x20: fdecb5ed18ea3a78 x19: ffff00000759be00 x18: 00000000ffffffff
<4>[ 177.681540] x17: 0000000000000000 x16: 0000000000000000 x15: 0000000000000000
<4>[ 177.683139] x14: 0000000000000000 x13: 206d6f7266206465 x12: ffff700001010e63
<4>[ 177.684776] x11: 1ffff00001010e62 x10: ffff700001010e62 x9 : ffffb5ed18b89514
<4>[ 177.686554] x8 : ffff800008087317 x7 : 0000000000000001 x6 : 0000000000000001
<4>[ 177.688238] x5 : ffffb5ed1d893000 x4 : dfff800000000000 x3 : ffffb5ed18b89520
<4>[ 177.689912] x2 : 0000000000000000 x1 : 0000000000000000 x0 : ffff000007150000
<4>[ 177.691598] Call trace:
<4>[ 177.692165] kmem_cache_destroy+0x1e8/0x20c
<4>[ 177.693196] test_exit+0x28/0x40
<4>[ 177.694158] kunit_catch_run_case+0x5c/0x120
<4>[ 177.695177] kunit_try_catch_run+0x144/0x26c
<4>[ 177.696211] kunit_run_case_catch_errors+0x158/0x1e0
<4>[ 177.697353] kunit_run_tests+0x374/0x750
<4>[ 177.698333] __kunit_test_suites_init+0x74/0xa0
<4>[ 177.699386] kunit_run_all_tests+0x160/0x380
<4>[ 177.700428] kernel_init_freeable+0x32c/0x388
<4>[ 177.701497] kernel_init+0x2c/0x150
<4>[ 177.702347] ret_from_fork+0x10/0x20
<4>[ 177.703308] ---[ end trace 0000000000000000 ]---
<6>[ 180.045230] not ok 14 - test_free_bulk-memcache
<6>[ 180.063196] ok 15 - test_init_on_free # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON)
<6>[ 180.084390] ok 16 - test_init_on_free-memcache # SKIP Test requires: IS_ENABLED(CONFIG_INIT_ON_FREE_DEFAULT_ON)
<6>[ 180.105203] # test_kmalloc_aligned_oob_read: test_alloc: size=73, gfp=cc0, policy=right, cache=0
<3>[ 180.457864] ==================================================================
<3>[ 180.459247] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x198/0x24c
<3>[ 180.459247]
<3>[ 180.460963] Out-of-bounds read at 0x000000002560c7f9 (201B right of kfence-#4):
<4>[ 180.462326] test_kmalloc_aligned_oob_read+0x198/0x24c
<4>[ 180.463474] kunit_try_run_case+0x8c/0x124
<4>[ 180.464500] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 180.465755] kthread+0x160/0x170
<4>[ 180.466649] ret_from_fork+0x10/0x20
<3>[ 180.467575]
<4>[ 180.468039] kfence-#4: 0x0000000015e6d0b8-0x000000008825abb9, size=73, cache=kmalloc-128
<4>[ 180.468039]
<4>[ 180.469609] allocated by task 201 on cpu 1 at 180.455855s:
<4>[ 180.470849] test_alloc+0x1ec/0x3f4
<4>[ 180.471846] test_kmalloc_aligned_oob_read+0xd8/0x24c
<4>[ 180.472942] kunit_try_run_case+0x8c/0x124
<4>[ 180.473955] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 180.475199] kthread+0x160/0x170
<4>[ 180.476058] ret_from_fork+0x10/0x20
<3>[ 180.476967]
<3>[ 180.477473] CPU: 1 PID: 201 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 180.478948] Hardware name: linux,dummy-virt (DT)
<3>[ 180.479824] ==================================================================
<6>[ 180.491058] ok 17 - test_kmalloc_aligned_oob_read
<6>[ 180.503288] # test_kmalloc_aligned_oob_write: test_alloc: size=73, gfp=cc0, policy=right, cache=0
<3>[ 180.585153] ==================================================================
<3>[ 185.469598] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x138/0x1c4
<3>[ 185.469598]
<3>[ 185.474133] Corrupted memory at 0x00000000a0ce6a66 [ ! . . . . . . . . . . . . . . . ] (in kfence-#27):
<4>[ 185.484171] test_kmalloc_aligned_oob_write+0x138/0x1c4
<4>[ 185.485493] kunit_try_run_case+0x8c/0x124
<4>[ 185.486516] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.487735] kthread+0x160/0x170
<4>[ 185.488587] ret_from_fork+0x10/0x20
<3>[ 185.489513]
<4>[ 185.489972] kfence-#27: 0x00000000e9371982-0x00000000c23ba8ef, size=73, cache=kmalloc-128
<4>[ 185.489972]
<4>[ 185.491505] allocated by task 202 on cpu 0 at 180.567889s:
<4>[ 185.492692] test_alloc+0x1ec/0x3f4
<4>[ 185.493702] test_kmalloc_aligned_oob_write+0xb0/0x1c4
<4>[ 185.494955] kunit_try_run_case+0x8c/0x124
<4>[ 185.495932] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.497137] kthread+0x160/0x170
<4>[ 185.498030] ret_from_fork+0x10/0x20
<4>[ 185.498960]
<4>[ 185.499412] freed by task 202 on cpu 0 at 180.569369s:
<4>[ 185.500726] test_kmalloc_aligned_oob_write+0x138/0x1c4
<4>[ 185.501997] kunit_try_run_case+0x8c/0x124
<4>[ 185.502985] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 185.504189] kthread+0x160/0x170
<4>[ 185.505030] ret_from_fork+0x10/0x20
<3>[ 185.505934]
<3>[ 185.506425] CPU: 1 PID: 202 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 185.507854] Hardware name: linux,dummy-virt (DT)
<3>[ 185.508700] ==================================================================
<6>[ 185.530118] ok 18 - test_kmalloc_aligned_oob_write
<6>[ 185.553266] # test_shrink_memcache: setup_test_cache: size=32, ctor=0x0
<6>[ 185.564610] # test_shrink_memcache: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<6>[ 185.703533] ok 19 - test_shrink_memcache
<6>[ 185.718531] # test_memcache_ctor: setup_test_cache: size=32, ctor=ctor_set_x
<6>[ 185.738941] # test_memcache_ctor: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<6>[ 191.431611] ok 20 - test_memcache_ctor
<3>[ 191.439679] ==================================================================
<3>[ 191.442299] BUG: KFENCE: invalid read in test_invalid_access+0xbc/0x154
<3>[ 191.442299]
<3>[ 191.444078] Invalid read at 0x0000000007fd2fca:
<4>[ 191.445124] test_invalid_access+0xbc/0x154
<4>[ 191.449335] kunit_try_run_case+0x8c/0x124
<4>[ 191.453014] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 191.455058] kthread+0x160/0x170
<4>[ 191.456088] ret_from_fork+0x10/0x20
<3>[ 191.457131]
<3>[ 191.458559] CPU: 1 PID: 205 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 191.460136] Hardware name: linux,dummy-virt (DT)
<3>[ 191.461138] ==================================================================
<6>[ 191.464122] ok 21 - test_invalid_access
<6>[ 191.483030] # test_gfpzero: test_alloc: size=4096, gfp=cc0, policy=any, cache=0
<6>[ 191.602032] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.628219] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.732270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.836193] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 191.941220] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.044521] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.148492] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.252355] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.356490] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.460294] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.564386] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 192.668504] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 198.831501] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 198.935346] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.040858] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.144145] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.249146] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.352064] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.460190] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.571265] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.683792] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.795616] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 199.905239] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.033009] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.145973] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.262301] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.366223] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 200.470247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.719154] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.824896] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 209.932074] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.032275] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.136401] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.240680] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.344798] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.450255] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.552378] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.670247] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.787878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 210.894176] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.011664] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.127937] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.244878] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.363762] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.479959] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.598314] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.696205] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.818181] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 211.913270] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 212.019580] # test_gfpzero: test_alloc: size=4096, gfp=dc0, policy=any, cache=0
<6>[ 212.132069] ok 22 - test_gfpzero
<6>[ 212.144813] # test_memcache_typesafe_by_rcu: setup_test_cache: size=32, ctor=0x0
<6>[ 220.318499] # test_memcache_typesafe_by_rcu: test_alloc: size=32, gfp=cc0, policy=any, cache=1
<3>[ 220.412607] ==================================================================
<3>[ 220.413991] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x1ec/0x2f4
<3>[ 220.413991]
<3>[ 220.415831] Use-after-free read at 0x00000000cfb2c818 (in kfence-#96):
<4>[ 220.417001] test_memcache_typesafe_by_rcu+0x1ec/0x2f4
<4>[ 220.418285] kunit_try_run_case+0x8c/0x124
<4>[ 220.419294] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 220.420523] kthread+0x160/0x170
<4>[ 220.421477] ret_from_fork+0x10/0x20
<3>[ 220.422413]
<4>[ 220.422869] kfence-#96: 0x00000000cfb2c818-0x00000000c749c5ae, size=32, cache=test
<4>[ 220.422869]
<4>[ 220.424335] allocated by task 207 on cpu 0 at 220.379950s:
<4>[ 220.425572] test_alloc+0x1dc/0x3f4
<4>[ 220.430322] test_memcache_typesafe_by_rcu+0x110/0x2f4
<4>[ 220.431607] kunit_try_run_case+0x8c/0x124
<4>[ 220.432599] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 220.433834] kthread+0x160/0x170
<4>[ 220.434699] ret_from_fork+0x10/0x20
<4>[ 220.435600]
<4>[ 220.436047] freed by task 0 on cpu 0 at 220.410124s:
<4>[ 220.438720] rcu_guarded_free+0x34/0x44
<4>[ 220.439757] rcu_core+0x3ec/0xea0
<4>[ 220.440593] rcu_core_si+0x18/0x24
<4>[ 220.441454] __do_softirq+0x210/0x6d8
<4>[ 220.442330] __irq_exit_rcu+0x150/0x170
<4>[ 220.443219] irq_exit_rcu+0x1c/0x50
<4>[ 220.444047] el1_interrupt+0x38/0x60
<4>[ 220.445021] el1h_64_irq_handler+0x18/0x2c
<4>[ 220.446113] el1h_64_irq+0x64/0x68
<4>[ 220.446942] arch_local_irq_enable+0xc/0x20
<4>[ 220.447884] default_idle_call+0x5c/0x248
<4>[ 220.448888] do_idle+0x318/0x3a0
<4>[ 220.449743] cpu_startup_entry+0x30/0x3c
<4>[ 220.450706] kernel_init+0x0/0x150
<4>[ 220.451521] arch_post_acpi_subsys_init+0x0/0x28
<4>[ 229.261490] start_kernel+0x3b0/0x3e4
<4>[ 229.262580] __primary_switched+0xc4/0xcc
<3>[ 229.263584]
<3>[ 229.264068] CPU: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 229.265537] Hardware name: linux,dummy-virt (DT)
<3>[ 229.266410] ==================================================================
<6>[ 229.335366] ok 23 - test_memcache_typesafe_by_rcu
<6>[ 229.363691] # test_krealloc: test_alloc: size=32, gfp=cc0, policy=any, cache=0
<3>[ 229.375301] ==================================================================
<3>[ 229.376537] BUG: KFENCE: use-after-free read in test_krealloc+0x3d0/0x470
<3>[ 229.376537]
<3>[ 229.378277] Use-after-free read at 0x00000000e5ba154b (in kfence-#127):
<4>[ 229.379454] test_krealloc+0x3d0/0x470
<4>[ 229.380495] kunit_try_run_case+0x8c/0x124
<4>[ 229.381563] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.382823] kthread+0x160/0x170
<4>[ 229.383696] ret_from_fork+0x10/0x20
<3>[ 229.384610]
<4>[ 229.385065] kfence-#127: 0x00000000e5ba154b-0x0000000058576b5d, size=32, cache=kmalloc-128
<4>[ 229.385065]
<4>[ 229.386658] allocated by task 208 on cpu 1 at 229.371092s:
<4>[ 229.387877] test_alloc+0x1ec/0x3f4
<4>[ 229.388859] test_krealloc+0xbc/0x470
<4>[ 229.389913] kunit_try_run_case+0x8c/0x124
<4>[ 229.390909] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.392140] kthread+0x160/0x170
<4>[ 229.393018] ret_from_fork+0x10/0x20
<4>[ 229.393987]
<4>[ 229.394456] freed by task 208 on cpu 1 at 229.372734s:
<4>[ 229.395799] krealloc+0xe0/0x1d0
<4>[ 229.396666] test_krealloc+0x184/0x470
<4>[ 229.397779] kunit_try_run_case+0x8c/0x124
<4>[ 229.398798] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 229.400032] kthread+0x160/0x170
<4>[ 229.400892] ret_from_fork+0x10/0x20
<3>[ 229.401883]
<3>[ 229.402404] CPU: 1 PID: 208 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 238.611514] Hardware name: linux,dummy-virt (DT)
<3>[ 238.612482] ==================================================================
<6>[ 238.632920] ok 24 - test_krealloc
<6>[ 238.696085] # test_memcache_alloc_bulk: setup_test_cache: size=32, ctor=0x0
<6>[ 238.850258] ok 25 - test_memcache_alloc_bulk
<6>[ 238.871395] # kfence: pass:21 fail:2 skip:2 total:25
<6>[ 238.872700] # Totals: pass:21 fail:2 skip:2 total:25
<6>[ 238.876941] not ok 4 - kfence
<6>[ 238.927664] # Subtest: binfmt_elf
<6>[ 238.928064] 1..1
<6>[ 238.943081] ok 1 - total_mapping_size_test
<6>[ 238.943988] ok 5 - binfmt_elf
<6>[ 238.953276] # Subtest: compat_binfmt_elf
<6>[ 238.957293] 1..1
<6>[ 238.978832] ok 1 - total_mapping_size_test
<6>[ 238.979699] ok 6 - compat_binfmt_elf
<6>[ 238.985066] # Subtest: ext4_inode_test
<6>[ 238.986791] 1..1
<6>[ 238.987905] # Subtest: inode_test_xtimestamp_decoding
<6>[ 239.002100] ok 1 - 1901-12-13 Lower bound of 32bit < 0 timestamp, no extra bits
<6>[ 239.018377] ok 2 - 1969-12-31 Upper bound of 32bit < 0 timestamp, no extra bits
<6>[ 239.034785] ok 3 - 1970-01-01 Lower bound of 32bit >=0 timestamp, no extra bits
<6>[ 239.059131] ok 4 - 2038-01-19 Upper bound of 32bit >=0 timestamp, no extra bits
<6>[ 239.105052] ok 5 - 2038-01-19 Lower bound of 32bit <0 timestamp, lo extra sec bit on
<6>[ 239.122388] ok 6 - 2106-02-07 Upper bound of 32bit <0 timestamp, lo extra sec bit on
<6>[ 239.142064] ok 7 - 2106-02-07 Lower bound of 32bit >=0 timestamp, lo extra sec bit on
<6>[ 239.178517] ok 8 - 2174-02-25 Upper bound of 32bit >=0 timestamp, lo extra sec bit on
<6>[ 239.211987] ok 9 - 2174-02-25 Lower bound of 32bit <0 timestamp, hi extra sec bit on
<6>[ 239.266123] ok 10 - 2242-03-16 Upper bound of 32bit <0 timestamp, hi extra sec bit on
<6>[ 239.287280] ok 11 - 2242-03-16 Lower bound of 32bit >=0 timestamp, hi extra sec bit on
<6>[ 239.304762] ok 12 - 2310-04-04 Upper bound of 32bit >=0 timestamp, hi extra sec bit on
<6>[ 249.048636] ok 13 - 2310-04-04 Upper bound of 32bit>=0 timestamp, hi extra sec bit 1. 1 ns
<6>[ 249.063451] ok 14 - 2378-04-22 Lower bound of 32bit>= timestamp. Extra sec bits 1. Max ns
<6>[ 249.087134] ok 15 - 2378-04-22 Lower bound of 32bit >=0 timestamp. All extra sec bits on
<6>[ 249.113343] ok 16 - 2446-05-10 Upper bound of 32bit >=0 timestamp. All extra sec bits on
<6>[ 249.115438] # inode_test_xtimestamp_decoding: pass:16 fail:0 skip:0 total:16
<6>[ 249.119662] ok 1 - inode_test_xtimestamp_decoding
<6>[ 249.121129] # Totals: pass:16 fail:0 skip:0 total:16
<6>[ 249.123413] ok 7 - ext4_inode_test
<6>[ 249.134466] # Subtest: fat_test
<6>[ 249.134779] 1..3
<6>[ 249.151000] ok 1 - fat_checksum_test
<6>[ 249.152059] # Subtest: fat_time_fat2unix_test
<6>[ 249.169989] ok 1 - Earliest possible UTC (1980-01-01 00:00:00)
<6>[ 249.199892] ok 2 - Latest possible UTC (2107-12-31 23:59:58)
<6>[ 249.220640] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC)
<6>[ 249.245345] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC)
<6>[ 249.264436] ok 5 - Leap Day / Year (1996-02-29 00:00:00)
<6>[ 249.279514] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00)
<6>[ 249.293978] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00)
<6>[ 249.320622] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC)
<6>[ 249.344042] ok 9 - Leap year + timezone UTC-1 (== 2004-02-29 23:30:00 UTC)
<6>[ 249.366050] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59)
<6>[ 249.392257] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010)
<6>[ 249.398427] # fat_time_fat2unix_test: pass:11 fail:0 skip:0 total:11
<6>[ 249.399820] ok 2 - fat_time_fat2unix_test
<6>[ 249.406588] # Subtest: fat_time_unix2fat_test
<6>[ 260.162056] ok 1 - Earliest possible UTC (1980-01-01 00:00:00)
<6>[ 260.179365] ok 2 - Latest possible UTC (2107-12-31 23:59:58)
<6>[ 260.203824] ok 3 - Earliest possible (UTC-11) (== 1979-12-31 13:00:00 UTC)
<6>[ 260.226883] ok 4 - Latest possible (UTC+11) (== 2108-01-01 10:59:58 UTC)
<6>[ 260.280136] ok 5 - Leap Day / Year (1996-02-29 00:00:00)
<6>[ 260.305716] ok 6 - Year 2000 is leap year (2000-02-29 00:00:00)
<6>[ 260.323754] ok 7 - Year 2100 not leap year (2100-03-01 00:00:00)
<6>[ 260.378261] ok 8 - Leap year + timezone UTC+1 (== 2004-02-29 00:30:00 UTC)
<6>[ 260.393144] ok 9 - Leap year + timezone UTC-1 (== 2004-02-29 23:30:00 UTC)
<6>[ 260.415286] ok 10 - VFAT odd-second resolution (1999-12-31 23:59:59)
<6>[ 260.434761] ok 11 - VFAT 10ms resolution (1980-01-01 00:00:00:0010)
<6>[ 260.436185] # fat_time_unix2fat_test: pass:11 fail:0 skip:0 total:11
<6>[ 260.441012] ok 3 - fat_time_unix2fat_test
<6>[ 260.443215] # fat_test: pass:3 fail:0 skip:0 total:3
<6>[ 260.444258] # Totals: pass:23 fail:0 skip:0 total:23
<6>[ 260.447811] ok 8 - fat_test
<6>[ 260.462831] # Subtest: hash
<6>[ 260.463141] 1..2
<6>[ 260.505022] ok 1 - test_string_or
<6>[ 262.084868] ok 2 - test_hash_or
<6>[ 262.088325] # hash: pass:2 fail:0 skip:0 total:2
<6>[ 262.090146] # Totals: pass:2 fail:0 skip:0 total:2
<6>[ 262.102608] ok 9 - hash
<6>[ 262.108069] # Subtest: kasan
<6>[ 262.108392] 1..55
<3>[ 262.136709] ==================================================================
<3>[ 262.140323] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xcc/0x33c
<3>[ 262.143929] Write of size 1 at addr ffff00000768b673 by task kunit_try_catch/253
<3>[ 262.145162]
<3>[ 262.145723] CPU: 0 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.745558] Hardware name: linux,dummy-virt (DT)
<3>[ 272.746457] Call trace:
<3>[ 272.747004] dump_backtrace+0xb8/0x130
<3>[ 272.748068] show_stack+0x20/0x60
<3>[ 272.749012] dump_stack_lvl+0x8c/0xb8
<3>[ 272.752279] print_report+0x2e4/0x620
<3>[ 272.753374] kasan_report+0xa8/0x1dc
<3>[ 272.754426] __asan_store1+0x88/0xb0
<3>[ 272.755412] kmalloc_oob_right+0xcc/0x33c
<3>[ 272.756317] kunit_try_run_case+0x8c/0x124
<3>[ 272.757280] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 272.760652] kthread+0x160/0x170
<3>[ 272.761715] ret_from_fork+0x10/0x20
<3>[ 272.762634]
<3>[ 272.763189] Allocated by task 253:
<4>[ 272.763960] kasan_save_stack+0x2c/0x5c
<4>[ 272.764895] __kasan_kmalloc+0xac/0x104
<4>[ 272.767970] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 272.768965] kmalloc_oob_right+0xa0/0x33c
<4>[ 272.772937] kunit_try_run_case+0x8c/0x124
<4>[ 272.779033] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 272.780190] kthread+0x160/0x170
<4>[ 272.781012] ret_from_fork+0x10/0x20
<3>[ 272.784097]
<3>[ 272.784607] The buggy address belongs to the object at ffff00000768b600
<3>[ 272.784607] which belongs to the cache kmalloc-128 of size 128
<3>[ 272.786388] The buggy address is located 115 bytes inside of
<3>[ 272.786388] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 272.788054]
<3>[ 272.788658] The buggy address belongs to the physical page:
<4>[ 272.792008] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 272.793586] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 272.795328] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 272.796640] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 272.800031] page dumped because: kasan: bad access detected
<3>[ 272.800948]
<3>[ 272.801408] Memory state around the buggy address:
<3>[ 272.802568] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.803760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.804920] >ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 272.808172] ^
<3>[ 272.809340] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.810499] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 272.811632] ==================================================================
<3>[ 272.887306] ==================================================================
<3>[ 272.889786] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xf8/0x33c
<3>[ 272.891094] Write of size 1 at addr ffff00000768b678 by task kunit_try_catch/253
<3>[ 272.892255]
<3>[ 272.892719] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.894046] Hardware name: linux,dummy-virt (DT)
<3>[ 272.894849] Call trace:
<3>[ 272.895390] dump_backtrace+0xb8/0x130
<3>[ 272.896262] show_stack+0x20/0x60
<3>[ 272.897055] dump_stack_lvl+0x8c/0xb8
<3>[ 272.897955] print_report+0x2e4/0x620
<3>[ 272.898855] kasan_report+0xa8/0x1dc
<3>[ 272.899731] __asan_store1+0x88/0xb0
<3>[ 272.908131] kmalloc_oob_right+0xf8/0x33c
<3>[ 272.909074] kunit_try_run_case+0x8c/0x124
<3>[ 272.910058] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 272.911222] kthread+0x160/0x170
<3>[ 272.912060] ret_from_fork+0x10/0x20
<3>[ 272.912945]
<3>[ 272.913388] Allocated by task 253:
<4>[ 272.914064] kasan_save_stack+0x2c/0x5c
<4>[ 272.914965] __kasan_kmalloc+0xac/0x104
<4>[ 272.915848] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 272.916810] kmalloc_oob_right+0xa0/0x33c
<4>[ 272.917717] kunit_try_run_case+0x8c/0x124
<4>[ 272.918668] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 272.919816] kthread+0x160/0x170
<4>[ 272.920635] ret_from_fork+0x10/0x20
<3>[ 272.921511]
<3>[ 272.921938] The buggy address belongs to the object at ffff00000768b600
<3>[ 272.921938] which belongs to the cache kmalloc-128 of size 128
<3>[ 272.923632] The buggy address is located 120 bytes inside of
<3>[ 272.923632] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 272.925289]
<3>[ 272.925722] The buggy address belongs to the physical page:
<4>[ 272.926609] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 272.927982] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 272.929294] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 272.930555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 272.931697] page dumped because: kasan: bad access detected
<3>[ 272.932576]
<3>[ 272.932997] Memory state around the buggy address:
<3>[ 272.933855] ffff00000768b500: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.935016] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.936168] >ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 272.937261] ^
<3>[ 272.938360] ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 272.939514] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 272.940598] ==================================================================
<3>[ 272.943491] ==================================================================
<3>[ 272.944574] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x124/0x33c
<3>[ 272.945854] Read of size 1 at addr ffff00000768b680 by task kunit_try_catch/253
<3>[ 272.947010]
<3>[ 272.947469] CPU: 1 PID: 253 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 272.948775] Hardware name: linux,dummy-virt (DT)
<3>[ 272.949580] Call trace:
<3>[ 272.950125] dump_backtrace+0xb8/0x130
<3>[ 273.084775] show_stack+0x20/0x60
<3>[ 273.085687] dump_stack_lvl+0x8c/0xb8
<3>[ 273.086588] print_report+0x2e4/0x620
<3>[ 273.087482] kasan_report+0xa8/0x1dc
<3>[ 273.088359] __asan_load1+0x88/0xb0
<3>[ 273.089229] kmalloc_oob_right+0x124/0x33c
<3>[ 273.090172] kunit_try_run_case+0x8c/0x124
<3>[ 273.091126] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 273.092284] kthread+0x160/0x170
<3>[ 273.093113] ret_from_fork+0x10/0x20
<3>[ 273.094022]
<3>[ 273.094451] Allocated by task 253:
<4>[ 273.095116] kasan_save_stack+0x2c/0x5c
<4>[ 273.096009] __kasan_kmalloc+0xac/0x104
<4>[ 273.096892] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 273.097872] kmalloc_oob_right+0xa0/0x33c
<4>[ 273.098770] kunit_try_run_case+0x8c/0x124
<4>[ 273.099711] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 273.100860] kthread+0x160/0x170
<4>[ 273.101698] ret_from_fork+0x10/0x20
<3>[ 273.102572]
<3>[ 273.102996] The buggy address belongs to the object at ffff00000768b600
<3>[ 273.102996] which belongs to the cache kmalloc-128 of size 128
<3>[ 273.104717] The buggy address is located 0 bytes to the right of
<3>[ 273.104717] 128-byte region [ffff00000768b600, ffff00000768b680)
<3>[ 273.106421]
<3>[ 273.106853] The buggy address belongs to the physical page:
<4>[ 273.107732] page:000000002b6fea86 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768b
<4>[ 273.109100] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 273.374827] raw: 03fffc0000000200 fffffc00001da380 dead000000000002 ffff000006802300
<4>[ 273.380394] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 273.381594] page dumped because: kasan: bad access detected
<3>[ 273.382487]
<3>[ 273.382910] Memory state around the buggy address:
<3>[ 273.383760] ffff00000768b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.384913] ffff00000768b600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
<3>[ 273.386086] >ffff00000768b680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.387175] ^
<3>[ 273.387868] ffff00000768b700: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 273.389020] ffff00000768b780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 273.390128] ==================================================================
<6>[ 273.412868] ok 1 - kmalloc_oob_right
<3>[ 273.431711] ==================================================================
<3>[ 273.435034] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcc/0x1e0
<3>[ 273.436285] Read of size 1 at addr ffff00000768dfff by task kunit_try_catch/254
<3>[ 273.439305]
<3>[ 273.439788] CPU: 0 PID: 254 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 273.441098] Hardware name: linux,dummy-virt (DT)
<3>[ 273.442769] Call trace:
<3>[ 273.443324] dump_backtrace+0xb8/0x130
<3>[ 273.444193] show_stack+0x20/0x60
<3>[ 273.444986] dump_stack_lvl+0x8c/0xb8
<3>[ 273.447681] print_report+0x2e4/0x620
<3>[ 273.448589] kasan_report+0xa8/0x1dc
<3>[ 273.450237] __asan_load1+0x88/0xb0
<3>[ 273.451139] kmalloc_oob_left+0xcc/0x1e0
<3>[ 273.452024] kunit_try_run_case+0x8c/0x124
<3>[ 273.452973] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 273.455913] kthread+0x160/0x170
<3>[ 273.456757] ret_from_fork+0x10/0x20
<3>[ 273.458410]
<3>[ 273.458861] Allocated by task 1:
<4>[ 273.459509] kasan_save_stack+0x2c/0x5c
<4>[ 273.850477] __kasan_slab_alloc+0xc0/0xd0
<4>[ 273.851506] kmem_cache_alloc+0x180/0x3a0
<4>[ 273.852402] __kernfs_new_node+0xd8/0x360
<4>[ 273.855133] kernfs_new_node+0x78/0xc0
<4>[ 273.856113] __kernfs_create_file+0x38/0x16c
<4>[ 273.857121] sysfs_add_file_mode_ns+0xd0/0x1b0
<4>[ 273.858984] internal_create_group+0x1c4/0x560
<4>[ 273.860051] internal_create_groups.part.0+0x68/0xf0
<4>[ 273.861197] sysfs_create_groups+0x24/0x40
<4>[ 273.864005] device_add_groups+0x18/0x24
<4>[ 273.865019] bus_add_device+0x74/0x244
<4>[ 273.866790] device_add+0x5a0/0xd14
<4>[ 273.867610] of_device_add+0x80/0xb0
<4>[ 273.868528] of_platform_device_create_pdata+0xd4/0x150
<4>[ 273.871468] of_platform_bus_create+0x264/0x5e4
<4>[ 273.872550] of_platform_populate+0x68/0x150
<4>[ 273.874338] of_platform_default_populate_init+0xfc/0x11c
<4>[ 273.875566] do_one_initcall+0xa4/0x3ec
<4>[ 273.876440] kernel_init_freeable+0x2fc/0x388
<4>[ 273.879219] kernel_init+0x2c/0x150
<4>[ 273.880049] ret_from_fork+0x10/0x20
<3>[ 273.880913]
<3>[ 273.882096] The buggy address belongs to the object at ffff00000768df00
<3>[ 273.882096] which belongs to the cache kernfs_node_cache of size 128
<3>[ 273.883871] The buggy address is located 127 bytes to the right of
<3>[ 273.883871] 128-byte region [ffff00000768df00, ffff00000768df80)
<3>[ 273.887340]
<3>[ 273.887792] The buggy address belongs to the physical page:
<4>[ 273.888669] page:000000000f4785f9 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4768d
<4>[ 273.890801] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 273.892105] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff0000070bfb00
<4>[ 273.895105] raw: 0000000000000000 0000000000150015 00000001ffffffff 0000000000000000
<4>[ 273.896281] page dumped because: kasan: bad access detected
<3>[ 273.897162]
<3>[ 273.898342] Memory state around the buggy address:
<3>[ 274.487989] ffff00000768de80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 274.489224] ffff00000768df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 274.491205] >ffff00000768df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.492296] ^
<3>[ 274.495199] ffff00000768e000: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.496392] ffff00000768e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 274.498249] ==================================================================
<6>[ 274.514571] ok 2 - kmalloc_oob_left
<3>[ 274.539686] ==================================================================
<3>[ 274.541909] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd4/0x1f0
<3>[ 274.543592] Read of size 1 at addr ffff00000ac9d000 by task kunit_try_catch/255
<3>[ 274.548170]
<3>[ 274.548679] CPU: 0 PID: 255 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 274.550379] Hardware name: linux,dummy-virt (DT)
<3>[ 274.551384] Call trace:
<3>[ 274.552036] dump_backtrace+0xb8/0x130
<3>[ 274.552973] show_stack+0x20/0x60
<3>[ 274.555879] dump_stack_lvl+0x8c/0xb8
<3>[ 274.556782] print_report+0x2e4/0x620
<3>[ 274.557685] kasan_report+0xa8/0x1dc
<3>[ 274.558571] __asan_load1+0x88/0xb0
<3>[ 274.559442] kmalloc_node_oob_right+0xd4/0x1f0
<3>[ 274.560422] kunit_try_run_case+0x8c/0x124
<3>[ 274.563328] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 274.564522] kthread+0x160/0x170
<3>[ 274.565369] ret_from_fork+0x10/0x20
<3>[ 274.566260]
<3>[ 274.566721] Allocated by task 255:
<4>[ 274.567444] kasan_save_stack+0x2c/0x5c
<4>[ 274.568403] __kasan_kmalloc+0xac/0x104
<4>[ 274.569299] kmem_cache_alloc_node_trace+0x1cc/0x3f0
<4>[ 274.572244] kmalloc_node_oob_right+0xa4/0x1f0
<4>[ 274.573217] kunit_try_run_case+0x8c/0x124
<4>[ 274.574179] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 275.352410] kthread+0x160/0x170
<4>[ 275.353517] ret_from_fork+0x10/0x20
<3>[ 275.354559]
<3>[ 275.355058] The buggy address belongs to the object at ffff00000ac9c000
<3>[ 275.355058] which belongs to the cache kmalloc-4k of size 4096
<3>[ 275.356749] The buggy address is located 0 bytes to the right of
<3>[ 275.356749] 4096-byte region [ffff00000ac9c000, ffff00000ac9d000)
<3>[ 275.360772]
<3>[ 275.361231] The buggy address belongs to the physical page:
<4>[ 275.362233] page:0000000025e44160 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ac98
<4>[ 275.363680] head:0000000025e44160 order:3 compound_mapcount:0 compound_pincount:0
<4>[ 275.364816] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 275.368511] raw: 03fffc0000010200 0000000000000000 dead000000000001 ffff000006802a80
<4>[ 275.369962] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
<4>[ 275.371120] page dumped because: kasan: bad access detected
<3>[ 275.372002]
<3>[ 275.372424] Memory state around the buggy address:
<3>[ 275.373285] ffff00000ac9cf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 275.376653] ffff00000ac9cf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 275.377825] >ffff00000ac9d000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.378918] ^
<3>[ 275.379609] ffff00000ac9d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.380761] ffff00000ac9d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 275.384020] ==================================================================
<6>[ 275.424507] ok 3 - kmalloc_node_oob_right
<3>[ 275.450873] ==================================================================
<3>[ 275.455754] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0xbc/0x1c4
<3>[ 275.457144] Write of size 1 at addr ffff00000cba600a by task kunit_try_catch/256
<3>[ 275.459488]
<3>[ 276.465186] CPU: 1 PID: 256 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 276.466662] Hardware name: linux,dummy-virt (DT)
<3>[ 276.467467] Call trace:
<3>[ 276.468011] dump_backtrace+0xb8/0x130
<3>[ 276.468898] show_stack+0x20/0x60
<3>[ 276.469711] dump_stack_lvl+0x8c/0xb8
<3>[ 276.470698] print_report+0x2e4/0x620
<3>[ 276.471727] kasan_report+0xa8/0x1dc
<3>[ 276.472608] __asan_store1+0x88/0xb0
<3>[ 276.473515] kmalloc_pagealloc_oob_right+0xbc/0x1c4
<3>[ 276.474548] kunit_try_run_case+0x8c/0x124
<3>[ 276.475499] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 276.476660] kthread+0x160/0x170
<3>[ 276.477504] ret_from_fork+0x10/0x20
<3>[ 276.478394]
<3>[ 276.478826] The buggy address belongs to the physical page:
<4>[ 276.479886] page:000000002a0a991a refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4
<4>[ 276.481289] head:000000002a0a991a order:2 compound_mapcount:0 compound_pincount:0
<4>[ 276.482433] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 276.483713] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 276.484959] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 276.486189] page dumped because: kasan: bad access detected
<3>[ 276.487080]
<3>[ 276.487502] Memory state around the buggy address:
<3>[ 276.488348] ffff00000cba5f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 276.489515] ffff00000cba5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 276.490675] >ffff00000cba6000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.491759] ^
<3>[ 276.492481] ffff00000cba6080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.493650] ffff00000cba6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 276.494742] ==================================================================
<6>[ 276.511929] ok 4 - kmalloc_pagealloc_oob_right
<3>[ 276.534942] ==================================================================
<3>[ 277.850597] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xc0/0x1c0
<3>[ 277.851905] Read of size 1 at addr ffff00000cba4000 by task kunit_try_catch/257
<3>[ 277.853052]
<3>[ 277.853542] CPU: 1 PID: 257 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 277.854860] Hardware name: linux,dummy-virt (DT)
<3>[ 277.855658] Call trace:
<3>[ 277.856196] dump_backtrace+0xb8/0x130
<3>[ 277.857061] show_stack+0x20/0x60
<3>[ 277.857878] dump_stack_lvl+0x8c/0xb8
<3>[ 277.858763] print_report+0x2e4/0x620
<3>[ 277.859651] kasan_report+0xa8/0x1dc
<3>[ 277.860525] __asan_load1+0x88/0xb0
<3>[ 277.861410] kmalloc_pagealloc_uaf+0xc0/0x1c0
<3>[ 277.862362] kunit_try_run_case+0x8c/0x124
<3>[ 277.863313] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 277.864471] kthread+0x160/0x170
<3>[ 277.865312] ret_from_fork+0x10/0x20
<3>[ 277.866203]
<3>[ 277.866635] The buggy address belongs to the physical page:
<4>[ 277.867570] page:000000002a0a991a refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cba4
<4>[ 277.868943] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff)
<4>[ 277.870198] raw: 03fffc0000000000 fffffc0000323108 ffff00003411a7b0 0000000000000000
<4>[ 277.871446] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
<4>[ 277.872613] page dumped because: kasan: bad access detected
<3>[ 277.873627]
<3>[ 277.874062] Memory state around the buggy address:
<3>[ 277.874910] ffff00000cba3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.876063] ffff00000cba3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.877214] >ffff00000cba4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.878319] ^
<3>[ 277.879015] ffff00000cba4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 277.880166] ffff00000cba4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 279.531087] ==================================================================
<6>[ 279.595005] ok 5 - kmalloc_pagealloc_uaf
<3>[ 279.631090] ==================================================================
<3>[ 279.632896] BUG: KASAN: double-free or invalid-free in kfree+0x374/0x3f0
<3>[ 279.634105]
<3>[ 279.634572] CPU: 0 PID: 258 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 279.636253] Hardware name: linux,dummy-virt (DT)
<3>[ 279.637265] Call trace:
<3>[ 279.640397] dump_backtrace+0xb8/0x130
<3>[ 279.642141] show_stack+0x20/0x60
<3>[ 279.642983] dump_stack_lvl+0x8c/0xb8
<3>[ 279.643868] print_report+0x2e4/0x620
<3>[ 279.644754] kasan_report_invalid_free+0x84/0x110
<3>[ 279.647562] __kasan_kfree_large+0x5c/0xc4
<3>[ 279.648535] free_large_kmalloc+0x78/0x16c
<3>[ 279.650200] kfree+0x374/0x3f0
<3>[ 279.650974] kmalloc_pagealloc_invalid_free+0xb8/0x1b0
<3>[ 279.652033] kunit_try_run_case+0x8c/0x124
<3>[ 279.652984] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 279.655934] kthread+0x160/0x170
<3>[ 279.656776] ret_from_fork+0x10/0x20
<3>[ 279.658426]
<3>[ 279.658878] The buggy address belongs to the physical page:
<4>[ 279.659763] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 279.661132] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 279.664028] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 279.666072] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 279.667351] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 279.668494] page dumped because: kasan: bad access detected
<3>[ 279.671120]
<3>[ 279.671570] Memory state around the buggy address:
<3>[ 279.672422] ffff00000ca5ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 279.674347] ffff00000ca5ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 281.596106] >ffff00000ca60000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.597284] ^
<3>[ 281.598902] ffff00000ca60080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.600060] ffff00000ca60100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 281.601182] ==================================================================
<6>[ 281.618091] ok 6 - kmalloc_pagealloc_invalid_free
<6>[ 281.642935] ok 7 - pagealloc_oob_right # SKIP Test requires CONFIG_KASAN_GENERIC=n
<3>[ 281.668654] ==================================================================
<3>[ 281.671090] BUG: KASAN: use-after-free in pagealloc_uaf+0xdc/0x1ec
<3>[ 281.672542] Read of size 1 at addr ffff00000db80000 by task kunit_try_catch/260
<3>[ 281.676377]
<3>[ 281.676935] CPU: 1 PID: 260 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 281.680348] Hardware name: linux,dummy-virt (DT)
<3>[ 281.681389] Call trace:
<3>[ 281.682053] dump_backtrace+0xb8/0x130
<3>[ 281.682976] show_stack+0x20/0x60
<3>[ 281.683771] dump_stack_lvl+0x8c/0xb8
<3>[ 281.684648] print_report+0x2e4/0x620
<3>[ 281.687386] kasan_report+0xa8/0x1dc
<3>[ 281.688293] __asan_load1+0x88/0xb0
<3>[ 281.689165] pagealloc_uaf+0xdc/0x1ec
<3>[ 281.690049] kunit_try_run_case+0x8c/0x124
<3>[ 281.691000] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 281.692157] kthread+0x160/0x170
<3>[ 281.692987] ret_from_fork+0x10/0x20
<3>[ 281.695768]
<3>[ 281.696210] The buggy address belongs to the physical page:
<4>[ 281.697087] page:00000000ba590f46 refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x4db80
<4>[ 281.698511] flags: 0x3fffc0000000000(node=0|zone=0|lastcpupid=0xffff)
<4>[ 281.699728] raw: 03fffc0000000000 ffff00003fdffda0 fffffc0000392408 0000000000000000
<4>[ 281.700973] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
<4>[ 281.704037] page dumped because: kasan: bad access detected
<3>[ 284.023294]
<3>[ 284.023873] Memory state around the buggy address:
<3>[ 284.024951] ffff00000db7ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.026191] ffff00000db7ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.027357] >ffff00000db80000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.028442] ^
<3>[ 284.029136] ffff00000db80080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.032569] ffff00000db80100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<3>[ 284.033680] ==================================================================
<6>[ 284.080693] ok 8 - pagealloc_uaf
<3>[ 284.106285] ==================================================================
<3>[ 284.108402] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0xcc/0x1dc
<3>[ 284.112775] Write of size 1 at addr ffff00000c565f00 by task kunit_try_catch/261
<3>[ 284.115013]
<3>[ 284.115493] CPU: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 284.116806] Hardware name: linux,dummy-virt (DT)
<3>[ 284.119353] Call trace:
<3>[ 284.119914] dump_backtrace+0xb8/0x130
<3>[ 284.120784] show_stack+0x20/0x60
<3>[ 284.122342] dump_stack_lvl+0x8c/0xb8
<3>[ 284.123249] print_report+0x2e4/0x620
<3>[ 284.124139] kasan_report+0xa8/0x1dc
<3>[ 284.125015] __asan_store1+0x88/0xb0
<3>[ 284.127645] kmalloc_large_oob_right+0xcc/0x1dc
<3>[ 284.128633] kunit_try_run_case+0x8c/0x124
<3>[ 284.130342] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 284.131529] kthread+0x160/0x170
<3>[ 284.132360] ret_from_fork+0x10/0x20
<3>[ 284.133242]
<3>[ 284.135432] Allocated by task 261:
<4>[ 284.136108] kasan_save_stack+0x2c/0x5c
<4>[ 284.137005] __kasan_kmalloc+0xac/0x104
<4>[ 284.138649] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 284.139627] kmalloc_large_oob_right+0x9c/0x1dc
<4>[ 284.140589] kunit_try_run_case+0x8c/0x124
<4>[ 286.859689] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 286.860953] kthread+0x160/0x170
<4>[ 286.862568] ret_from_fork+0x10/0x20
<3>[ 286.863467]
<3>[ 286.863894] The buggy address belongs to the object at ffff00000c564000
<3>[ 286.863894] which belongs to the cache kmalloc-8k of size 8192
<3>[ 286.867393] The buggy address is located 7936 bytes inside of
<3>[ 286.867393] 8192-byte region [ffff00000c564000, ffff00000c566000)
<3>[ 286.869086]
<3>[ 286.870278] The buggy address belongs to the physical page:
<4>[ 286.871176] page:0000000041b876cd refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4c560
<4>[ 286.872551] head:0000000041b876cd order:3 compound_mapcount:0 compound_pincount:0
<4>[ 286.875419] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 286.876785] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802c00
<4>[ 286.878800] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
<4>[ 286.879958] page dumped because: kasan: bad access detected
<3>[ 286.880840]
<3>[ 286.881274] Memory state around the buggy address:
<3>[ 286.883865] ffff00000c565e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 286.885112] ffff00000c565e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 286.887103] >ffff00000c565f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.888199] ^
<3>[ 286.888890] ffff00000c565f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.891781] ffff00000c566000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 286.892885] ==================================================================
<6>[ 286.927544] ok 9 - kmalloc_large_oob_right
<3>[ 286.950366] ==================================================================
<3>[ 286.952497] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4
<3>[ 286.954998] Write of size 1 at addr ffff00000cbb5eeb by task kunit_try_catch/262
<3>[ 290.138598]
<3>[ 290.139150] CPU: 1 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 290.140564] Hardware name: linux,dummy-virt (DT)
<3>[ 290.142215] Call trace:
<3>[ 290.142795] dump_backtrace+0xb8/0x130
<3>[ 290.143682] show_stack+0x20/0x60
<3>[ 290.144477] dump_stack_lvl+0x8c/0xb8
<3>[ 290.146278] print_report+0x2e4/0x620
<3>[ 290.147208] kasan_report+0xa8/0x1dc
<3>[ 290.148086] __asan_store1+0x88/0xb0
<3>[ 290.148969] krealloc_more_oob_helper+0x140/0x3a4
<3>[ 290.150880] krealloc_more_oob+0x18/0x24
<3>[ 290.151793] kunit_try_run_case+0x8c/0x124
<3>[ 290.152743] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 290.154786] kthread+0x160/0x170
<3>[ 290.155642] ret_from_fork+0x10/0x20
<3>[ 290.156525]
<3>[ 290.156952] Allocated by task 262:
<4>[ 290.158488] kasan_save_stack+0x2c/0x5c
<4>[ 290.159409] __kasan_krealloc+0xf8/0x190
<4>[ 290.160317] krealloc+0x170/0x1d0
<4>[ 290.161162] krealloc_more_oob_helper+0xd8/0x3a4
<4>[ 290.163040] krealloc_more_oob+0x18/0x24
<4>[ 290.163934] kunit_try_run_case+0x8c/0x124
<4>[ 290.164874] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 290.166901] kthread+0x160/0x170
<4>[ 290.167736] ret_from_fork+0x10/0x20
<3>[ 290.168599]
<3>[ 290.169023] The buggy address belongs to the object at ffff00000cbb5e00
<3>[ 290.169023] which belongs to the cache kmalloc-256 of size 256
<3>[ 290.171586] The buggy address is located 235 bytes inside of
<3>[ 290.171586] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00)
<3>[ 293.863129]
<3>[ 293.863645] The buggy address belongs to the physical page:
<4>[ 293.864533] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 293.866805] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 293.867981] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 293.870183] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 293.871473] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 293.872619] page dumped because: kasan: bad access detected
<3>[ 293.874384]
<3>[ 293.874828] Memory state around the buggy address:
<3>[ 293.875680] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.876835] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 293.878858] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
<3>[ 293.879961] ^
<3>[ 293.881001] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.883024] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 293.884128] ==================================================================
<3>[ 293.899496] ==================================================================
<3>[ 293.900902] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4
<3>[ 293.905389] Write of size 1 at addr ffff00000cbb5ef0 by task kunit_try_catch/262
<3>[ 293.906567]
<3>[ 293.907105] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 293.908781] Hardware name: linux,dummy-virt (DT)
<3>[ 293.909848] Call trace:
<3>[ 293.910398] dump_backtrace+0xb8/0x130
<3>[ 293.911268] show_stack+0x20/0x60
<3>[ 293.912060] dump_stack_lvl+0x8c/0xb8
<3>[ 298.097291] print_report+0x2e4/0x620
<3>[ 298.098319] kasan_report+0xa8/0x1dc
<3>[ 298.099226] __asan_store1+0x88/0xb0
<3>[ 298.100295] krealloc_more_oob_helper+0x174/0x3a4
<3>[ 298.101329] krealloc_more_oob+0x18/0x24
<3>[ 298.102238] kunit_try_run_case+0x8c/0x124
<3>[ 298.103189] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 298.104346] kthread+0x160/0x170
<3>[ 298.105176] ret_from_fork+0x10/0x20
<3>[ 298.106111]
<3>[ 298.106541] Allocated by task 262:
<4>[ 298.107208] kasan_save_stack+0x2c/0x5c
<4>[ 298.108104] __kasan_krealloc+0xf8/0x190
<4>[ 298.109013] krealloc+0x170/0x1d0
<4>[ 298.109878] krealloc_more_oob_helper+0xd8/0x3a4
<4>[ 298.110874] krealloc_more_oob+0x18/0x24
<4>[ 298.111763] kunit_try_run_case+0x8c/0x124
<4>[ 298.112702] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 298.113866] kthread+0x160/0x170
<4>[ 298.114696] ret_from_fork+0x10/0x20
<3>[ 298.115561]
<3>[ 298.115986] The buggy address belongs to the object at ffff00000cbb5e00
<3>[ 298.115986] which belongs to the cache kmalloc-256 of size 256
<3>[ 298.117681] The buggy address is located 240 bytes inside of
<3>[ 298.117681] 256-byte region [ffff00000cbb5e00, ffff00000cbb5f00)
<3>[ 298.119332]
<3>[ 298.119763] The buggy address belongs to the physical page:
<4>[ 298.120640] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 298.122024] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 298.123159] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 298.124504] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 298.125770] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 298.126917] page dumped because: kasan: bad access detected
<3>[ 298.127795]
<3>[ 298.128216] Memory state around the buggy address:
<3>[ 298.129061] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.869824] ffff00000cbb5e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 302.871061] >ffff00000cbb5e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
<3>[ 302.872149] ^
<3>[ 302.873221] ffff00000cbb5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.874402] ffff00000cbb5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 302.875489] ==================================================================
<6>[ 302.882189] ok 10 - krealloc_more_oob
<3>[ 302.900583] ==================================================================
<3>[ 302.903434] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc
<3>[ 302.904842] Write of size 1 at addr ffff00000cbb5cc9 by task kunit_try_catch/263
<3>[ 302.908042]
<3>[ 302.908530] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 302.909858] Hardware name: linux,dummy-virt (DT)
<3>[ 302.910663] Call trace:
<3>[ 302.911202] dump_backtrace+0xb8/0x130
<3>[ 302.912073] show_stack+0x20/0x60
<3>[ 302.912866] dump_stack_lvl+0x8c/0xb8
<3>[ 302.915685] print_report+0x2e4/0x620
<3>[ 302.916607] kasan_report+0xa8/0x1dc
<3>[ 302.917500] __asan_store1+0x88/0xb0
<3>[ 302.918392] krealloc_less_oob_helper+0x114/0x5fc
<3>[ 302.919405] krealloc_less_oob+0x18/0x2c
<3>[ 302.920302] kunit_try_run_case+0x8c/0x124
<3>[ 302.921263] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 302.924341] kthread+0x160/0x170
<3>[ 302.925178] ret_from_fork+0x10/0x20
<3>[ 302.926084]
<3>[ 302.926513] Allocated by task 263:
<4>[ 302.927176] kasan_save_stack+0x2c/0x5c
<4>[ 302.928071] __kasan_krealloc+0xf8/0x190
<4>[ 302.928980] krealloc+0x170/0x1d0
<4>[ 302.931735] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 302.932739] krealloc_less_oob+0x18/0x2c
<4>[ 302.933642] kunit_try_run_case+0x8c/0x124
<4>[ 302.934592] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 308.223745] kthread+0x160/0x170
<4>[ 308.224677] ret_from_fork+0x10/0x20
<3>[ 308.225585]
<3>[ 308.226026] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 308.226026] which belongs to the cache kmalloc-256 of size 256
<3>[ 308.227713] The buggy address is located 201 bytes inside of
<3>[ 308.227713] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 308.231742]
<3>[ 308.232207] The buggy address belongs to the physical page:
<4>[ 308.233092] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 308.234503] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 308.235636] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 308.236980] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 308.240483] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 308.241663] page dumped because: kasan: bad access detected
<3>[ 308.242553]
<3>[ 308.242976] Memory state around the buggy address:
<3>[ 308.243823] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.244977] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 308.248378] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 308.249498] ^
<3>[ 308.250444] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.251598] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 308.252682] ==================================================================
<3>[ 308.320807] ==================================================================
<3>[ 308.326358] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc
<3>[ 308.328084] Write of size 1 at addr ffff00000cbb5cd0 by task kunit_try_catch/263
<3>[ 308.331414]
<3>[ 308.331899] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 314.195026] Hardware name: linux,dummy-virt (DT)
<3>[ 314.196122] Call trace:
<3>[ 314.196784] dump_backtrace+0xb8/0x130
<3>[ 314.200645] show_stack+0x20/0x60
<3>[ 314.203072] dump_stack_lvl+0x8c/0xb8
<3>[ 314.203986] print_report+0x2e4/0x620
<3>[ 314.204881] kasan_report+0xa8/0x1dc
<3>[ 314.207926] __asan_store1+0x88/0xb0
<3>[ 314.209004] krealloc_less_oob_helper+0x148/0x5fc
<3>[ 314.210248] krealloc_less_oob+0x18/0x2c
<3>[ 314.211288] kunit_try_run_case+0x8c/0x124
<3>[ 314.212241] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 314.215558] kthread+0x160/0x170
<3>[ 314.216417] ret_from_fork+0x10/0x20
<3>[ 314.217315]
<3>[ 314.217749] Allocated by task 263:
<4>[ 314.218421] kasan_save_stack+0x2c/0x5c
<4>[ 314.219315] __kasan_krealloc+0xf8/0x190
<4>[ 314.220222] krealloc+0x170/0x1d0
<4>[ 314.221062] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 314.224312] krealloc_less_oob+0x18/0x2c
<4>[ 314.225214] kunit_try_run_case+0x8c/0x124
<4>[ 314.226176] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 314.227326] kthread+0x160/0x170
<4>[ 314.228144] ret_from_fork+0x10/0x20
<3>[ 314.229004]
<3>[ 314.231567] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 314.231567] which belongs to the cache kmalloc-256 of size 256
<3>[ 314.233287] The buggy address is located 208 bytes inside of
<3>[ 314.233287] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 314.234942]
<3>[ 314.235374] The buggy address belongs to the physical page:
<4>[ 314.236251] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 314.239734] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 314.240886] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 314.242248] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 320.777665] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 320.778885] page dumped because: kasan: bad access detected
<3>[ 320.779770]
<3>[ 320.780193] Memory state around the buggy address:
<3>[ 320.781294] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.782783] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 320.786509] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 320.787937] ^
<3>[ 320.790699] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.791872] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 320.792957] ==================================================================
<3>[ 320.815418] ==================================================================
<3>[ 320.816540] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc
<3>[ 320.818548] Write of size 1 at addr ffff00000cbb5cda by task kunit_try_catch/263
<3>[ 320.820050]
<3>[ 320.820585] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 320.823639] Hardware name: linux,dummy-virt (DT)
<3>[ 320.824456] Call trace:
<3>[ 320.824997] dump_backtrace+0xb8/0x130
<3>[ 320.826706] show_stack+0x20/0x60
<3>[ 320.827517] dump_stack_lvl+0x8c/0xb8
<3>[ 320.828398] print_report+0x2e4/0x620
<3>[ 320.829300] kasan_report+0xa8/0x1dc
<3>[ 320.830588] __asan_store1+0x88/0xb0
<3>[ 320.831512] krealloc_less_oob_helper+0x198/0x5fc
<3>[ 320.832618] krealloc_less_oob+0x18/0x2c
<3>[ 320.833918] kunit_try_run_case+0x8c/0x124
<3>[ 320.834902] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 320.836064] kthread+0x160/0x170
<3>[ 320.836895] ret_from_fork+0x10/0x20
<3>[ 320.839617]
<3>[ 320.840061] Allocated by task 263:
<4>[ 320.840726] kasan_save_stack+0x2c/0x5c
<4>[ 320.842013] __kasan_krealloc+0xf8/0x190
<4>[ 328.027746] krealloc+0x170/0x1d0
<4>[ 328.035923] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 328.037175] krealloc_less_oob+0x18/0x2c
<4>[ 328.038504] kunit_try_run_case+0x8c/0x124
<4>[ 328.039453] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 328.040661] kthread+0x160/0x170
<4>[ 328.042058] ret_from_fork+0x10/0x20
<3>[ 328.042956]
<3>[ 328.043384] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 328.043384] which belongs to the cache kmalloc-256 of size 256
<3>[ 328.045063] The buggy address is located 218 bytes inside of
<3>[ 328.045063] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 328.047114]
<3>[ 328.047553] The buggy address belongs to the physical page:
<4>[ 328.048435] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 328.050199] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 328.051349] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 328.052694] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 328.056115] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 328.057288] page dumped because: kasan: bad access detected
<3>[ 328.058562]
<3>[ 328.058990] Memory state around the buggy address:
<3>[ 328.059836] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.060987] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 328.062542] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 328.063641] ^
<3>[ 328.064626] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.066172] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 328.067278] ==================================================================
<3>[ 328.086168] ==================================================================
<3>[ 335.980588] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 335.983629] Write of size 1 at addr ffff00000cbb5cea by task kunit_try_catch/263
<3>[ 335.984822]
<3>[ 335.985678] CPU: 1 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 335.987026] Hardware name: linux,dummy-virt (DT)
<3>[ 335.987828] Call trace:
<3>[ 335.988368] dump_backtrace+0xb8/0x130
<3>[ 335.989239] show_stack+0x20/0x60
<3>[ 335.996257] dump_stack_lvl+0x8c/0xb8
<3>[ 335.997145] print_report+0x2e4/0x620
<3>[ 335.998470] kasan_report+0xa8/0x1dc
<3>[ 335.999353] __asan_store1+0x88/0xb0
<3>[ 336.000240] krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 336.001248] krealloc_less_oob+0x18/0x2c
<3>[ 336.002559] kunit_try_run_case+0x8c/0x124
<3>[ 336.003513] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 336.004670] kthread+0x160/0x170
<3>[ 336.005883] ret_from_fork+0x10/0x20
<3>[ 336.006794]
<3>[ 336.007222] Allocated by task 263:
<4>[ 336.007885] kasan_save_stack+0x2c/0x5c
<4>[ 336.008777] __kasan_krealloc+0xf8/0x190
<4>[ 336.011504] krealloc+0x170/0x1d0
<4>[ 336.012375] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 336.013741] krealloc_less_oob+0x18/0x2c
<4>[ 336.014664] kunit_try_run_case+0x8c/0x124
<4>[ 336.015608] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 336.016755] kthread+0x160/0x170
<4>[ 336.017960] ret_from_fork+0x10/0x20
<3>[ 336.018856]
<3>[ 336.019282] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 336.019282] which belongs to the cache kmalloc-256 of size 256
<3>[ 336.020964] The buggy address is located 234 bytes inside of
<3>[ 336.020964] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 336.023009]
<3>[ 336.023453] The buggy address belongs to the physical page:
<4>[ 336.024337] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 336.026102] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 344.662423] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 344.664201] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 344.667296] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 344.668475] page dumped because: kasan: bad access detected
<3>[ 344.669744]
<3>[ 344.670203] Memory state around the buggy address:
<3>[ 344.671054] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.672210] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 344.673742] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 344.674863] ^
<3>[ 344.675909] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.677062] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 344.678552] ==================================================================
<3>[ 344.683525] ==================================================================
<3>[ 344.684679] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 344.686088] Write of size 1 at addr ffff00000cbb5ceb by task kunit_try_catch/263
<3>[ 344.687253]
<3>[ 344.687711] CPU: 0 PID: 263 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 344.689404] Hardware name: linux,dummy-virt (DT)
<3>[ 344.690417] Call trace:
<3>[ 344.693187] dump_backtrace+0xb8/0x130
<3>[ 344.697115] show_stack+0x20/0x60
<3>[ 344.697970] dump_stack_lvl+0x8c/0xb8
<3>[ 344.698863] print_report+0x2e4/0x620
<3>[ 344.699917] kasan_report+0xa8/0x1dc
<3>[ 344.700955] __asan_store1+0x88/0xb0
<3>[ 344.702028] krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 344.704835] krealloc_less_oob+0x18/0x2c
<3>[ 344.706577] kunit_try_run_case+0x8c/0x124
<3>[ 344.707555] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 354.104360] kthread+0x160/0x170
<3>[ 354.110342] ret_from_fork+0x10/0x20
<3>[ 354.110996]
<3>[ 354.111291] Allocated by task 263:
<4>[ 354.111770] kasan_save_stack+0x2c/0x5c
<4>[ 354.112378] __kasan_krealloc+0xf8/0x190
<4>[ 354.112990] krealloc+0x170/0x1d0
<4>[ 354.119295] krealloc_less_oob_helper+0xd4/0x5fc
<4>[ 354.120318] krealloc_less_oob+0x18/0x2c
<4>[ 354.121209] kunit_try_run_case+0x8c/0x124
<4>[ 354.122961] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 354.124115] kthread+0x160/0x170
<4>[ 354.124938] ret_from_fork+0x10/0x20
<3>[ 354.127547]
<3>[ 354.127986] The buggy address belongs to the object at ffff00000cbb5c00
<3>[ 354.127986] which belongs to the cache kmalloc-256 of size 256
<3>[ 354.130426] The buggy address is located 235 bytes inside of
<3>[ 354.130426] 256-byte region [ffff00000cbb5c00, ffff00000cbb5d00)
<3>[ 354.132095]
<3>[ 354.132528] The buggy address belongs to the physical page:
<4>[ 354.135162] page:0000000071f5b5fc refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4cbb4
<4>[ 354.136553] head:0000000071f5b5fc order:1 compound_mapcount:0 compound_pincount:0
<4>[ 354.138442] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 354.139806] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 354.141062] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 354.143940] page dumped because: kasan: bad access detected
<3>[ 354.144837]
<3>[ 354.145278] Memory state around the buggy address:
<3>[ 354.146880] ffff00000cbb5b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 354.148040] ffff00000cbb5c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 354.149194] >ffff00000cbb5c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
<3>[ 354.152042] ^
<3>[ 354.153092] ffff00000cbb5d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 364.370608] ffff00000cbb5d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 364.371472] ==================================================================
<6>[ 364.385130] ok 11 - krealloc_less_oob
<3>[ 364.398759] ==================================================================
<3>[ 364.400797] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x140/0x3a4
<3>[ 364.403802] Write of size 1 at addr ffff00000ca4e0eb by task kunit_try_catch/264
<3>[ 364.404988]
<3>[ 364.406321] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 364.407658] Hardware name: linux,dummy-virt (DT)
<3>[ 364.408457] Call trace:
<3>[ 364.408995] dump_backtrace+0xb8/0x130
<3>[ 364.411661] show_stack+0x20/0x60
<3>[ 364.412479] dump_stack_lvl+0x8c/0xb8
<3>[ 364.414117] print_report+0x2e4/0x620
<3>[ 364.415042] kasan_report+0xa8/0x1dc
<3>[ 364.415922] __asan_store1+0x88/0xb0
<3>[ 364.416806] krealloc_more_oob_helper+0x140/0x3a4
<3>[ 364.419576] krealloc_pagealloc_more_oob+0x18/0x2c
<3>[ 364.420628] kunit_try_run_case+0x8c/0x124
<3>[ 364.422347] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 364.423533] kthread+0x160/0x170
<3>[ 364.424365] ret_from_fork+0x10/0x20
<3>[ 364.425247]
<3>[ 364.427469] The buggy address belongs to the physical page:
<4>[ 364.428361] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c
<4>[ 364.430493] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 375.450310] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 375.451624] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 375.452566] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 375.461463] page dumped because: kasan: bad access detected
<3>[ 375.462379]
<3>[ 375.462819] Memory state around the buggy address:
<3>[ 375.463660] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 375.464793] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 375.467732] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
<3>[ 375.468838] ^
<3>[ 375.470662] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 375.471835] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 375.472921] ==================================================================
<3>[ 375.494442] ==================================================================
<3>[ 375.495532] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x174/0x3a4
<3>[ 375.496886] Write of size 1 at addr ffff00000ca4e0f0 by task kunit_try_catch/264
<3>[ 375.498100]
<3>[ 375.498563] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 375.499873] Hardware name: linux,dummy-virt (DT)
<3>[ 375.500669] Call trace:
<3>[ 375.501208] dump_backtrace+0xb8/0x130
<3>[ 375.502268] show_stack+0x20/0x60
<3>[ 375.503215] dump_stack_lvl+0x8c/0xb8
<3>[ 375.507730] print_report+0x2e4/0x620
<3>[ 375.508649] kasan_report+0xa8/0x1dc
<3>[ 375.512786] __asan_store1+0x88/0xb0
<3>[ 375.513744] krealloc_more_oob_helper+0x174/0x3a4
<3>[ 375.514771] krealloc_pagealloc_more_oob+0x18/0x2c
<3>[ 375.515794] kunit_try_run_case+0x8c/0x124
<3>[ 375.516934] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 387.444513] kthread+0x160/0x170
<3>[ 387.453784] ret_from_fork+0x10/0x20
<3>[ 387.454892]
<3>[ 387.455404] The buggy address belongs to the physical page:
<4>[ 387.456536] page:00000000da707168 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca4c
<4>[ 387.460639] head:00000000da707168 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 387.462642] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 387.463945] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 387.465195] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 387.468303] page dumped because: kasan: bad access detected
<3>[ 387.469193]
<3>[ 387.470465] Memory state around the buggy address:
<3>[ 387.471325] ffff00000ca4df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 387.472490] ffff00000ca4e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 387.475624] >ffff00000ca4e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
<3>[ 387.476727] ^
<3>[ 387.478640] ffff00000ca4e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 387.479812] ffff00000ca4e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 387.480898] ==================================================================
<6>[ 387.499418] ok 12 - krealloc_pagealloc_more_oob
<3>[ 387.522421] ==================================================================
<3>[ 387.524717] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x114/0x5fc
<3>[ 387.529468] Write of size 1 at addr ffff00000ca620c9 by task kunit_try_catch/265
<3>[ 387.531354]
<3>[ 387.531912] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 387.536074] Hardware name: linux,dummy-virt (DT)
<3>[ 387.536895] Call trace:
<3>[ 387.538310] dump_backtrace+0xb8/0x130
<3>[ 387.539201] show_stack+0x20/0x60
<3>[ 400.346541] dump_stack_lvl+0x8c/0xb8
<3>[ 400.347508] print_report+0x2e4/0x620
<3>[ 400.348418] kasan_report+0xa8/0x1dc
<3>[ 400.349366] __asan_store1+0x88/0xb0
<3>[ 400.350239] krealloc_less_oob_helper+0x114/0x5fc
<3>[ 400.358209] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 400.358935] kunit_try_run_case+0x8c/0x124
<3>[ 400.359578] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 400.360365] kthread+0x160/0x170
<3>[ 400.360914] ret_from_fork+0x10/0x20
<3>[ 400.365594]
<3>[ 400.366075] The buggy address belongs to the physical page:
<4>[ 400.366977] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 400.368352] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 400.369572] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 400.370922] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 400.372187] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 400.373391] page dumped because: kasan: bad access detected
<3>[ 400.374304]
<3>[ 400.374742] Memory state around the buggy address:
<3>[ 400.375618] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 400.376789] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 400.378058] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 400.379161] ^
<3>[ 400.380103] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 400.381275] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 400.382423] ==================================================================
<3>[ 400.387797] ==================================================================
<3>[ 400.388656] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x148/0x5fc
<3>[ 400.393663] Write of size 1 at addr ffff00000ca620d0 by task kunit_try_catch/265
<3>[ 414.124838]
<3>[ 414.131646] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 414.132980] Hardware name: linux,dummy-virt (DT)
<3>[ 414.133819] Call trace:
<3>[ 414.134391] dump_backtrace+0xb8/0x130
<3>[ 414.135282] show_stack+0x20/0x60
<3>[ 414.136094] dump_stack_lvl+0x8c/0xb8
<3>[ 414.136705] print_report+0x2e4/0x620
<3>[ 414.137342] kasan_report+0xa8/0x1dc
<3>[ 414.138252] __asan_store1+0x88/0xb0
<3>[ 414.139143] krealloc_less_oob_helper+0x148/0x5fc
<3>[ 414.140147] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 414.141162] kunit_try_run_case+0x8c/0x124
<3>[ 414.142148] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 414.143310] kthread+0x160/0x170
<3>[ 414.144141] ret_from_fork+0x10/0x20
<3>[ 414.145024]
<3>[ 414.145478] The buggy address belongs to the physical page:
<4>[ 414.146375] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 414.147746] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 414.148874] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 414.150172] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 414.151421] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 414.152562] page dumped because: kasan: bad access detected
<3>[ 414.153454]
<3>[ 414.153878] Memory state around the buggy address:
<3>[ 414.154733] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 414.155888] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 414.157039] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 414.158143] ^
<3>[ 414.159109] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 414.160262] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 414.161359] ==================================================================
<3>[ 428.864087] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 428.865769] rcu: 1-....: (1 ticks this GP) idle=060/0/0x0 softirq=862/862 fqs=5 (false positive?)
<4>[ 428.867401] (detected by 0, t=10332 jiffies, g=625, q=1 ncpus=2)
<6>[ 428.868497] Task dump for CPU 1:
<6>[ 428.869144] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 428.870982] Call trace:
<6>[ 428.871537] __switch_to+0x140/0x1e0
<6>[ 428.872393] 0xffff122e153fa700
<3>[ 428.873554] rcu: rcu_preempt kthread timer wakeup didn't happen for 7119 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 428.875157] rcu: Possible timer handling issue on cpu=0 timer-softirq=931
<3>[ 428.876354] rcu: rcu_preempt kthread starved for 7120 jiffies! g625 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<3>[ 428.877849] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 428.879103] rcu: RCU grace-period kthread stack dump:
<6>[ 428.879927] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 428.881306] Call trace:
<6>[ 428.881840] __switch_to+0x140/0x1e0
<6>[ 428.882692] __schedule+0x4f4/0xc74
<6>[ 428.883506] schedule+0x88/0x13c
<6>[ 428.884315] schedule_timeout+0x104/0x2b0
<6>[ 428.885328] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 428.886244] rcu_gp_kthread+0x278/0x3a0
<6>[ 428.887136] kthread+0x160/0x170
<6>[ 428.887965] ret_from_fork+0x10/0x20
<3>[ 428.888889] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 428.889766] Task dump for CPU 0:
<6>[ 428.890404] task:kunit_try_catch state:R running task stack: 0 pid: 265 ppid: 2 flags:0x00000008
<6>[ 428.892084] Call trace:
<6>[ 428.892622] dump_backtrace+0xb8/0x130
<6>[ 428.893498] show_stack+0x20/0x60
<6>[ 428.894302] sched_show_task+0x2a0/0x2d4
<6>[ 428.895297] dump_cpu_task+0x64/0x78
<6>[ 444.590961] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 444.596090] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 444.600696] update_process_times+0x90/0xec
<6>[ 444.601431] tick_sched_handle+0x70/0xa0
<6>[ 444.602073] tick_sched_timer+0x5c/0xd0
<6>[ 444.602686] __hrtimer_run_queues+0x234/0x5f0
<6>[ 444.603322] hrtimer_interrupt+0x198/0x384
<6>[ 444.603946] arch_timer_handler_virt+0x48/0x60
<6>[ 444.604651] handle_percpu_devid_irq+0xe0/0x300
<6>[ 444.605424] generic_handle_domain_irq+0x50/0x70
<6>[ 444.606547] gic_handle_irq+0x58/0x160
<6>[ 444.607387] call_on_irq_stack+0x2c/0x54
<6>[ 444.608298] do_interrupt_handler+0xc8/0xd0
<6>[ 444.609310] el1_interrupt+0x34/0x60
<6>[ 444.610275] el1h_64_irq_handler+0x18/0x2c
<6>[ 444.611309] el1h_64_irq+0x64/0x68
<6>[ 444.612111] _raw_spin_unlock_irqrestore+0x3c/0x84
<6>[ 444.613197] end_report.part.0+0x34/0x94
<6>[ 444.614269] kasan_report+0xb8/0x1dc
<6>[ 444.615146] __asan_store1+0x88/0xb0
<6>[ 444.616028] krealloc_less_oob_helper+0x148/0x5fc
<6>[ 444.617036] krealloc_pagealloc_less_oob+0x18/0x24
<6>[ 444.618077] kunit_try_run_case+0x8c/0x124
<6>[ 444.619030] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 444.620186] kthread+0x160/0x170
<6>[ 444.621013] ret_from_fork+0x10/0x20
<3>[ 444.625575] ==================================================================
<3>[ 444.629849] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x198/0x5fc
<3>[ 444.631499] Write of size 1 at addr ffff00000ca620da by task kunit_try_catch/265
<3>[ 444.632984]
<3>[ 444.633529] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 444.635376] Hardware name: linux,dummy-virt (DT)
<3>[ 444.636193] Call trace:
<3>[ 444.636731] dump_backtrace+0xb8/0x130
<3>[ 444.637611] show_stack+0x20/0x60
<3>[ 444.638417] dump_stack_lvl+0x8c/0xb8
<3>[ 444.639294] print_report+0x2e4/0x620
<3>[ 444.640183] kasan_report+0xa8/0x1dc
<3>[ 461.355489] __asan_store1+0x88/0xb0
<3>[ 461.365554] krealloc_less_oob_helper+0x198/0x5fc
<3>[ 461.366634] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 461.367663] kunit_try_run_case+0x8c/0x124
<3>[ 461.368616] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 461.369973] kthread+0x160/0x170
<3>[ 461.370970] ret_from_fork+0x10/0x20
<3>[ 461.372015]
<3>[ 461.373525] The buggy address belongs to the physical page:
<4>[ 461.374442] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 461.375817] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 461.376949] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 461.378257] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 461.379509] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 461.380653] page dumped because: kasan: bad access detected
<3>[ 461.381546]
<3>[ 461.381971] Memory state around the buggy address:
<3>[ 461.382827] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 461.383982] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 461.385136] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 461.386242] ^
<3>[ 461.387237] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 461.388393] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 461.389493] ==================================================================
<3>[ 461.404145] ==================================================================
<3>[ 461.405287] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 461.407304] Write of size 1 at addr ffff00000ca620ea by task kunit_try_catch/265
<3>[ 461.410665]
<3>[ 461.411145] CPU: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 479.198598] Hardware name: linux,dummy-virt (DT)
<3>[ 479.199486] Call trace:
<3>[ 479.200024] dump_backtrace+0xb8/0x130
<3>[ 479.200902] show_stack+0x20/0x60
<3>[ 479.201721] dump_stack_lvl+0x8c/0xb8
<3>[ 479.202616] print_report+0x2e4/0x620
<3>[ 479.203508] kasan_report+0xa8/0x1dc
<3>[ 479.204385] __asan_store1+0x88/0xb0
<3>[ 479.205285] krealloc_less_oob_helper+0x1c8/0x5fc
<3>[ 479.206315] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 479.207338] kunit_try_run_case+0x8c/0x124
<3>[ 479.208289] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 479.209465] kthread+0x160/0x170
<3>[ 479.210309] ret_from_fork+0x10/0x20
<3>[ 479.211195]
<3>[ 479.211627] The buggy address belongs to the physical page:
<4>[ 479.212510] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 479.213896] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 479.215036] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 479.216314] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 479.217574] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 479.218725] page dumped because: kasan: bad access detected
<3>[ 479.219606]
<3>[ 479.220029] Memory state around the buggy address:
<3>[ 479.220875] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 479.222047] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 479.223206] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 479.224291] ^
<3>[ 479.225351] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 479.226514] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 479.227598] ==================================================================
<3>[ 479.248101] ==================================================================
<3>[ 498.116221] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 498.126057] Write of size 1 at addr ffff00000ca620eb by task kunit_try_catch/265
<3>[ 498.127283]
<3>[ 498.127753] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 498.129065] Hardware name: linux,dummy-virt (DT)
<3>[ 498.129890] Call trace:
<3>[ 498.130441] dump_backtrace+0xb8/0x130
<3>[ 498.131319] show_stack+0x20/0x60
<3>[ 498.132116] dump_stack_lvl+0x8c/0xb8
<3>[ 498.132994] print_report+0x2e4/0x620
<3>[ 498.133943] kasan_report+0xa8/0x1dc
<3>[ 498.134832] __asan_store1+0x88/0xb0
<3>[ 498.135721] krealloc_less_oob_helper+0x1f4/0x5fc
<3>[ 498.136737] krealloc_pagealloc_less_oob+0x18/0x24
<3>[ 498.137778] kunit_try_run_case+0x8c/0x124
<3>[ 498.138743] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 498.139908] kthread+0x160/0x170
<3>[ 498.140743] ret_from_fork+0x10/0x20
<3>[ 498.141639]
<3>[ 498.142081] The buggy address belongs to the physical page:
<4>[ 498.142972] page:000000009c787604 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4ca60
<4>[ 498.144349] head:000000009c787604 order:2 compound_mapcount:0 compound_pincount:0
<4>[ 498.145495] flags: 0x3fffc0000010000(head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 498.146785] raw: 03fffc0000010000 0000000000000000 dead000000000122 0000000000000000
<4>[ 498.148043] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
<4>[ 498.149191] page dumped because: kasan: bad access detected
<3>[ 498.150095]
<3>[ 498.150520] Memory state around the buggy address:
<3>[ 498.151373] ffff00000ca61f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 498.152530] ffff00000ca62000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<3>[ 498.153707] >ffff00000ca62080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
<3>[ 498.154805] ^
<3>[ 518.166325] ffff00000ca62100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 518.169081] ffff00000ca62180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
<3>[ 518.175996] ==================================================================
<6>[ 518.207072] ok 13 - krealloc_pagealloc_less_oob
<3>[ 518.275725] ==================================================================
<3>[ 518.278890] BUG: KASAN: use-after-free in krealloc_uaf+0xe8/0x2e4
<3>[ 518.280080] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266
<3>[ 518.281231]
<3>[ 518.281708] CPU: 0 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 518.283043] Hardware name: linux,dummy-virt (DT)
<3>[ 518.283841] Call trace:
<3>[ 518.284380] dump_backtrace+0xb8/0x130
<3>[ 518.285246] show_stack+0x20/0x60
<3>[ 518.286063] dump_stack_lvl+0x8c/0xb8
<3>[ 518.286944] print_report+0x2e4/0x620
<3>[ 518.287832] kasan_report+0xa8/0x1dc
<3>[ 518.288707] __kasan_check_byte+0x58/0x70
<3>[ 518.289652] krealloc+0x11c/0x1d0
<3>[ 518.290513] krealloc_uaf+0xe8/0x2e4
<3>[ 518.291361] kunit_try_run_case+0x8c/0x124
<3>[ 518.292311] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 518.293480] kthread+0x160/0x170
<3>[ 518.294321] ret_from_fork+0x10/0x20
<3>[ 518.295205]
<3>[ 518.295636] Allocated by task 266:
<4>[ 518.296299] kasan_save_stack+0x2c/0x5c
<4>[ 518.297194] __kasan_kmalloc+0xac/0x104
<4>[ 539.404461] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 539.411198] krealloc_uaf+0xac/0x2e4
<4>[ 539.412071] kunit_try_run_case+0x8c/0x124
<4>[ 539.413019] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 539.414204] kthread+0x160/0x170
<4>[ 539.415016] ret_from_fork+0x10/0x20
<3>[ 539.425613]
<3>[ 539.426082] Freed by task 266:
<4>[ 539.426602] kasan_save_stack+0x2c/0x5c
<4>[ 539.427350] kasan_set_track+0x2c/0x40
<4>[ 539.428073] kasan_set_free_info+0x28/0x50
<4>[ 539.428892] ____kasan_slab_free+0x15c/0x1b4
<4>[ 539.429886] __kasan_slab_free+0x18/0x2c
<4>[ 539.430810] slab_free_freelist_hook+0xbc/0x220
<4>[ 539.431907] kfree+0xe0/0x3f0
<4>[ 539.433314] krealloc_uaf+0xc4/0x2e4
<4>[ 539.434187] kunit_try_run_case+0x8c/0x124
<4>[ 539.435133] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 539.436283] kthread+0x160/0x170
<4>[ 539.437103] ret_from_fork+0x10/0x20
<3>[ 539.438008]
<3>[ 539.438448] The buggy address belongs to the object at ffff00000d4e9200
<3>[ 539.438448] which belongs to the cache kmalloc-256 of size 256
<3>[ 539.440454] The buggy address is located 0 bytes inside of
<3>[ 539.440454] 256-byte region [ffff00000d4e9200, ffff00000d4e9300)
<3>[ 539.442106]
<3>[ 539.442541] The buggy address belongs to the physical page:
<4>[ 539.443435] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8
<4>[ 539.444976] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0
<4>[ 539.446143] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 539.447498] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 539.448788] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000
<4>[ 539.449957] page dumped because: kasan: bad access detected
<3>[ 539.450863]
<3>[ 539.451285] Memory state around the buggy address:
<3>[ 539.452133] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.792589] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.793888] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 561.795001] ^
<3>[ 561.795708] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 561.796779] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 561.797628] ==================================================================
<3>[ 561.915354] ==================================================================
<3>[ 561.916385] BUG: KASAN: use-after-free in krealloc_uaf+0x114/0x2e4
<3>[ 561.917241] Read of size 1 at addr ffff00000d4e9200 by task kunit_try_catch/266
<3>[ 561.922392]
<3>[ 561.922861] CPU: 1 PID: 266 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 561.924185] Hardware name: linux,dummy-virt (DT)
<3>[ 561.924989] Call trace:
<3>[ 561.925541] dump_backtrace+0xb8/0x130
<3>[ 561.926429] show_stack+0x20/0x60
<3>[ 561.927225] dump_stack_lvl+0x8c/0xb8
<3>[ 561.928109] print_report+0x2e4/0x620
<3>[ 561.929005] kasan_report+0xa8/0x1dc
<3>[ 561.929904] __asan_load1+0x88/0xb0
<3>[ 561.930784] krealloc_uaf+0x114/0x2e4
<3>[ 561.931650] kunit_try_run_case+0x8c/0x124
<3>[ 561.932606] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 561.933774] kthread+0x160/0x170
<3>[ 561.934626] ret_from_fork+0x10/0x20
<3>[ 561.935508]
<3>[ 561.935938] Allocated by task 266:
<4>[ 561.936611] kasan_save_stack+0x2c/0x5c
<4>[ 561.937519] __kasan_kmalloc+0xac/0x104
<4>[ 561.938425] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 561.939388] krealloc_uaf+0xac/0x2e4
<4>[ 561.940231] kunit_try_run_case+0x8c/0x124
<4>[ 561.941170] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 561.942350] kthread+0x160/0x170
<4>[ 561.943172] ret_from_fork+0x10/0x20
<3>[ 561.944041]
<3>[ 561.944466] Freed by task 266:
<4>[ 561.945089] kasan_save_stack+0x2c/0x5c
<4>[ 585.440772] kasan_set_track+0x2c/0x40
<4>[ 585.441635] kasan_set_free_info+0x28/0x50
<4>[ 585.442468] ____kasan_slab_free+0x15c/0x1b4
<4>[ 585.443258] __kasan_slab_free+0x18/0x2c
<4>[ 585.444020] slab_free_freelist_hook+0xbc/0x220
<4>[ 585.444942] kfree+0xe0/0x3f0
<4>[ 585.445555] krealloc_uaf+0xc4/0x2e4
<4>[ 585.446431] kunit_try_run_case+0x8c/0x124
<4>[ 585.447390] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 585.448537] kthread+0x160/0x170
<4>[ 585.449371] ret_from_fork+0x10/0x20
<3>[ 585.450251]
<3>[ 585.450678] The buggy address belongs to the object at ffff00000d4e9200
<3>[ 585.450678] which belongs to the cache kmalloc-256 of size 256
<3>[ 585.452386] The buggy address is located 0 bytes inside of
<3>[ 585.452386] 256-byte region [ffff00000d4e9200, ffff00000d4e9300)
<3>[ 585.454057]
<3>[ 585.454493] The buggy address belongs to the physical page:
<4>[ 585.455383] page:000000002e844232 refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff00000d4e9000 pfn:0x4d4e8
<4>[ 585.456925] head:000000002e844232 order:1 compound_mapcount:0 compound_pincount:0
<4>[ 585.458101] flags: 0x3fffc0000010200(slab|head|node=0|zone=0|lastcpupid=0xffff)
<4>[ 585.459469] raw: 03fffc0000010200 0000000000000000 dead000000000122 ffff000006802480
<4>[ 585.460745] raw: ffff00000d4e9000 0000000080100007 00000001ffffffff 0000000000000000
<4>[ 585.461910] page dumped because: kasan: bad access detected
<3>[ 585.462808]
<3>[ 585.463231] Memory state around the buggy address:
<3>[ 585.464078] ffff00000d4e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 585.465248] ffff00000d4e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 585.466435] >ffff00000d4e9200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 585.467529] ^
<3>[ 585.468218] ffff00000d4e9280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<3>[ 585.469392] ffff00000d4e9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 610.277617] ==================================================================
<6>[ 610.346570] ok 14 - krealloc_uaf
<3>[ 610.356970] ==================================================================
<3>[ 610.360721] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xf8/0x260
<3>[ 610.362805] Write of size 16 at addr ffff0000073e1700 by task kunit_try_catch/268
<3>[ 610.364004]
<3>[ 610.364463] CPU: 0 PID: 268 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 610.367499] Hardware name: linux,dummy-virt (DT)
<3>[ 610.368326] Call trace:
<3>[ 610.368866] dump_backtrace+0xb8/0x130
<3>[ 610.370477] show_stack+0x20/0x60
<3>[ 610.371310] dump_stack_lvl+0x8c/0xb8
<3>[ 610.372189] print_report+0x2e4/0x620
<3>[ 610.373085] kasan_report+0xa8/0x1dc
<3>[ 610.375659] __asan_store16+0x90/0xc0
<3>[ 610.376579] kmalloc_oob_16+0xf8/0x260
<3>[ 610.378176] kunit_try_run_case+0x8c/0x124
<3>[ 610.379163] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 610.380323] kthread+0x160/0x170
<3>[ 610.381160] ret_from_fork+0x10/0x20
<3>[ 610.383736]
<3>[ 610.384176] Allocated by task 268:
<4>[ 610.384841] kasan_save_stack+0x2c/0x5c
<4>[ 610.386488] __kasan_kmalloc+0xac/0x104
<4>[ 610.387408] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 610.388379] kmalloc_oob_16+0xa4/0x260
<4>[ 610.389225] kunit_try_run_case+0x8c/0x124
<4>[ 610.391952] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 610.393115] kthread+0x160/0x170
<4>[ 610.394714] ret_from_fork+0x10/0x20
<3>[ 610.395597]
<3>[ 610.396023] The buggy address belongs to the object at ffff0000073e1700
<3>[ 610.396023] which belongs to the cache kmalloc-128 of size 128
<3>[ 610.399453] The buggy address is located 0 bytes inside of
<3>[ 610.399453] 128-byte region [ffff0000073e1700, ffff0000073e1780)
<3>[ 610.401108]
<3>[ 610.402287] The buggy address belongs to the physical page:
<4>[ 610.403197] page:00000000beb18009 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x473e1
<3>[ 636.505626] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<4>[ 636.507902] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 636.508426] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<4>[ 636.508739] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 636.508937] page dumped because: kasan: bad access detected
<3>[ 636.509082]
<3>[ 636.509169] Memory state around the buggy address:
<3>[ 636.509379] ffff0000073e1600: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.509633] ffff0000073e1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.509864] >ffff0000073e1700: 00 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 636.517622] rcu: 0-...!: (17 ticks this GP) idle=f53/1/0x4000000000000000 softirq=982/985 fqs=5
<3>[ 636.518384] ^
<4>[ 636.519388] (detected by 1, t=6535 jiffies, g=641, q=3 ncpus=2)
<3>[ 636.519922] ffff0000073e1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 636.521577] Task dump for CPU 0:
<6>[ 636.522233] task:kunit_try_catch state:R running task stack: 0 pid: 268 ppid: 2 flags:0x00000008
<6>[ 636.523958] Call trace:
<6>[ 636.524499] __switch_to+0x140/0x1e0
<6>[ 636.525355] kmalloc_oob_16+0xf8/0x260
<3>[ 636.525462] ffff0000073e1800: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 636.525663] kunit_try_run_case+0x8c/0x124
<6>[ 636.526195] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 636.527039] ==================================================================
<6>[ 636.527586] kthread+0x160/0x170
<6>[ 636.529709] ret_from_fork+0x10/0x20
<3>[ 636.530666] rcu: rcu_preempt kthread timer wakeup didn't happen for 6524 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 636.532255] rcu: Possible timer handling issue on cpu=1 timer-softirq=2755
<3>[ 636.533343] rcu: rcu_preempt kthread starved for 6525 jiffies! g641 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<6>[ 663.952374] ok 15 - kmalloc_oob_16
<3>[ 663.958068] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 663.958253] rcu: RCU grace-period kthread stack dump:
<6>[ 663.958357] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 663.958683] Call trace:
<6>[ 663.958772] __switch_to+0x140/0x1e0
<6>[ 663.959049] __schedule+0x4f4/0xc74
<6>[ 663.959306] schedule+0x88/0x13c
<6>[ 663.959543] schedule_timeout+0x104/0x2b0
<6>[ 663.959860] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 663.960479] rcu_gp_kthread+0x278/0x3a0
<6>[ 663.960798] kthread+0x160/0x170
<6>[ 663.961124] ret_from_fork+0x10/0x20
<3>[ 663.961482] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 663.961606] Task dump for CPU 1:
<6>[ 663.961724] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 663.962179] Call trace:
<6>[ 663.962294] dump_backtrace+0xb8/0x130
<6>[ 663.962596] show_stack+0x20/0x60
<6>[ 663.962877] sched_show_task+0x2a0/0x2d4
<6>[ 663.963285] dump_cpu_task+0x64/0x78
<6>[ 663.963675] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 663.964150] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 663.964502] update_process_times+0x90/0xec
<6>[ 663.964949] tick_sched_handle+0x70/0xa0
<6>[ 663.965318] tick_sched_timer+0x5c/0xd0
<6>[ 663.965664] __hrtimer_run_queues+0x234/0x5f0
<6>[ 663.965971] hrtimer_interrupt+0x198/0x384
<6>[ 663.966285] arch_timer_handler_virt+0x48/0x60
<6>[ 663.966667] handle_percpu_devid_irq+0xe0/0x300
<6>[ 663.967038] generic_handle_domain_irq+0x50/0x70
<6>[ 663.967479] gic_handle_irq+0x58/0x160
<6>[ 663.967752] call_on_irq_stack+0x2c/0x54
<6>[ 663.968097] do_interrupt_handler+0xc8/0xd0
<6>[ 663.968502] el1_interrupt+0x34/0x60
<6>[ 663.968911] el1h_64_irq_handler+0x18/0x2c
<6>[ 663.977972] el1h_64_irq+0x64/0x68
<6>[ 663.978271] arch_local_irq_enable+0xc/0x20
<6>[ 663.978572] default_idle_call+0x5c/0x248
<6>[ 663.978959] do_idle+0x318/0x3a0
<6>[ 663.979278] cpu_startup_entry+0x2c/0x3c
<6>[ 663.979624] secondary_start_kernel+0x248/0x274
<6>[ 663.980064] __secondary_switched+0xa0/0xa4
<3>[ 692.787834] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 692.801424] rcu: 0-...!: (1 ticks this GP) idle=f53/1/0x4000000000000000 softirq=989/989 fqs=3
<4>[ 692.802918] (detected by 1, t=7196 jiffies, g=645, q=4 ncpus=2)
<6>[ 692.803928] Task dump for CPU 0:
<6>[ 692.804638] task:swapper/0 state:R running task stack: 0 pid: 1 ppid: 0 flags:0x0000000a
<6>[ 692.806821] Call trace:
<6>[ 692.809663] __switch_to+0x140/0x1e0
<6>[ 692.810747] __schedule+0x4f4/0xc74
<6>[ 692.811744] preempt_schedule+0x84/0xe4
<6>[ 692.821744] vprintk_emit+0x144/0x314
<6>[ 692.822718] vprintk_default+0x40/0x4c
<6>[ 692.823667] vprintk+0x110/0x130
<6>[ 692.824530] _printk+0xb0/0xe8
<6>[ 692.825414] kunit_print_ok_not_ok+0xd4/0x178
<6>[ 692.826393] kunit_run_tests+0x42c/0x750
<6>[ 692.827328] __kunit_test_suites_init+0x74/0xa0
<6>[ 692.828333] kunit_run_all_tests+0x160/0x380
<6>[ 692.837709] kernel_init_freeable+0x32c/0x388
<6>[ 692.838768] kernel_init+0x2c/0x150
<6>[ 692.839574] ret_from_fork+0x10/0x20
<3>[ 692.853357] rcu: rcu_preempt kthread timer wakeup didn't happen for 7179 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200
<3>[ 692.855016] rcu: Possible timer handling issue on cpu=1 timer-softirq=2760
<3>[ 692.856068] rcu: rcu_preempt kthread starved for 7180 jiffies! g645 f0x2 RCU_GP_WAIT_FQS(5) ->state=0x200 ->cpu=1
<3>[ 692.857902] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 692.859575] rcu: RCU grace-period kthread stack dump:
<6>[ 692.864966] task:rcu_preempt state:R stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 692.866433] Call trace:
<6>[ 722.970823] __switch_to+0x140/0x1e0
<6>[ 722.979962] __schedule+0x4f4/0xc74
<6>[ 722.980845] schedule+0x88/0x13c
<6>[ 722.981663] schedule_timeout+0x104/0x2b0
<6>[ 722.982655] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 722.983547] rcu_gp_kthread+0x278/0x3a0
<6>[ 722.984440] kthread+0x160/0x170
<6>[ 722.985300] ret_from_fork+0x10/0x20
<3>[ 722.986202] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 722.987056] Task dump for CPU 1:
<6>[ 722.987682] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 722.989539] Call trace:
<6>[ 722.990100] dump_backtrace+0xb8/0x130
<6>[ 722.990974] show_stack+0x20/0x60
<6>[ 722.991772] sched_show_task+0x2a0/0x2d4
<6>[ 722.992766] dump_cpu_task+0x64/0x78
<6>[ 722.993721] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 722.994924] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 722.995908] update_process_times+0x90/0xec
<6>[ 722.996954] tick_sched_handle+0x70/0xa0
<6>[ 722.997902] tick_sched_timer+0x5c/0xd0
<6>[ 722.998832] __hrtimer_run_queues+0x234/0x5f0
<6>[ 722.999761] hrtimer_interrupt+0x198/0x384
<6>[ 723.000648] arch_timer_handler_virt+0x48/0x60
<6>[ 723.001675] handle_percpu_devid_irq+0xe0/0x300
<6>[ 723.002686] generic_handle_domain_irq+0x50/0x70
<6>[ 723.003779] gic_handle_irq+0x58/0x160
<6>[ 723.004612] call_on_irq_stack+0x2c/0x54
<6>[ 723.005538] do_interrupt_handler+0xc8/0xd0
<6>[ 723.006556] el1_interrupt+0x34/0x60
<6>[ 723.007499] el1h_64_irq_handler+0x18/0x2c
<6>[ 723.008536] el1h_64_irq+0x64/0x68
<6>[ 723.009343] finish_task_switch.isra.0+0xc0/0x33c
<6>[ 723.010477] __schedule+0x4f8/0xc74
<6>[ 723.011300] schedule_idle+0x38/0x60
<6>[ 723.012150] do_idle+0x278/0x3a0
<6>[ 723.012974] cpu_startup_entry+0x2c/0x3c
<6>[ 723.013902] secondary_start_kernel+0x248/0x274
<6>[ 723.014994] __secondary_switched+0xa0/0xa4
<3>[ 723.104414] ==================================================================
<3>[ 754.602721] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x108/0x260
<3>[ 754.603637] Read of size 16 at addr ffff0000076a4b00 by task kunit_try_catch/269
<3>[ 754.604508]
<3>[ 754.604821] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 754.613119] Hardware name: linux,dummy-virt (DT)
<3>[ 754.615175] Call trace:
<3>[ 754.615739] dump_backtrace+0xb8/0x130
<3>[ 754.616630] show_stack+0x20/0x60
<3>[ 754.619295] dump_stack_lvl+0x8c/0xb8
<3>[ 754.620222] print_report+0x2e4/0x620
<3>[ 754.621113] kasan_report+0xa8/0x1dc
<3>[ 754.622787] __asan_load16+0x8c/0xc0
<3>[ 754.623701] kmalloc_uaf_16+0x108/0x260
<3>[ 754.624570] kunit_try_run_case+0x8c/0x124
<3>[ 754.627291] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 754.628479] kthread+0x160/0x170
<3>[ 754.630072] ret_from_fork+0x10/0x20
<3>[ 754.630993]
<3>[ 754.631432] Allocated by task 269:
<4>[ 754.632106] kasan_save_stack+0x2c/0x5c
<4>[ 754.633004] __kasan_kmalloc+0xac/0x104
<4>[ 754.635764] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 754.636749] kmalloc_uaf_16+0xcc/0x260
<4>[ 754.638380] kunit_try_run_case+0x8c/0x124
<4>[ 754.639350] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 754.640503] kthread+0x160/0x170
<4>[ 754.643091] ret_from_fork+0x10/0x20
<3>[ 754.644003]
<3>[ 754.644433] Freed by task 269:
<4>[ 754.645069] kasan_save_stack+0x2c/0x5c
<4>[ 754.646727] kasan_set_track+0x2c/0x40
<4>[ 754.647618] kasan_set_free_info+0x28/0x50
<4>[ 754.648601] ____kasan_slab_free+0x15c/0x1b4
<4>[ 754.651295] __kasan_slab_free+0x18/0x2c
<4>[ 754.652239] slab_free_freelist_hook+0xbc/0x220
<4>[ 754.654100] kfree+0xe0/0x3f0
<4>[ 754.654865] kmalloc_uaf_16+0xec/0x260
<4>[ 754.655715] kunit_try_run_case+0x8c/0x124
<4>[ 754.656664] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 754.659580] kthread+0x160/0x170
<4>[ 754.660432] ret_from_fork+0x10/0x20
<3>[ 787.654942] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 787.657573]
<3>[ 787.657705] The buggy address belongs to the object at ffff0000076a4b00
<3>[ 787.657705] which belongs to the cache kmalloc-128 of size 128
<3>[ 787.657963] The buggy address is located 0 bytes inside of
<3>[ 787.657963] 128-byte region [ffff0000076a4b00, ffff0000076a4b80)
<3>[ 787.658249]
<3>[ 787.658352] The buggy address belongs to the physical page:
<4>[ 787.658494] page:000000003b08944c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a4
<4>[ 787.658772] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 787.659202] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<4>[ 787.659498] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 787.659673] page dumped because: kasan: bad access detected
<3>[ 787.669751] rcu: 0-...!: (1 GPs behind) idle=f5b/1/0x4000000000000000 softirq=989/990 fqs=6
<3>[ 787.670378]
<3>[ 787.670469] Memory state around the buggy address:
<4>[ 787.671365] (detected by 1, t=8260 jiffies, g=649, q=3 ncpus=2)
<6>[ 787.671669] Task dump for CPU 0:
<3>[ 787.672321] ffff0000076a4a00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 787.672985] task:kunit_try_catch state:R
<3>[ 787.673535] ffff0000076a4a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<4>[ 787.674313] running task
<3>[ 787.674908] >ffff0000076a4b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<4>[ 787.677098] stack: 0 pid: 269 ppid: 2 flags:0x00000008
<6>[ 787.678109] Call trace:
<6>[ 787.678650] __switch_to+0x140/0x1e0
<6>[ 787.679522] kmalloc_uaf_16+0x108/0x260
<6>[ 787.680399] kunit_try_run_case+0x8c/0x124
<3>[ 787.681389] ^
<6>[ 787.681345] kunit_generic_run_threadfn_adapter+0x38/0x54
<3>[ 787.682058] ffff0000076a4b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 787.682666] kthread+0x160/0x170
<3>[ 787.683582] ffff0000076a4c00: 05 fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<6>[ 843.703890] ret_from_fork+0x10/0x20
<3>[ 843.704781] rcu: rcu_preempt kthread timer wakeup didn't happen for 8247 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 843.705063] rcu: Possible timer handling issue on cpu=1 timer-softirq=2769
<3>[ 843.705317] rcu: rcu_preempt kthread starved for 8248 jiffies! g649 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<3>[ 843.705600] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 843.705761] rcu: RCU grace-period kthread stack dump:
<6>[ 843.705882] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 843.706277] Call trace:
<6>[ 843.706382] __switch_to+0x140/0x1e0
<6>[ 843.706670] __schedule+0x4f4/0xc74
<6>[ 843.707792] schedule+0x88/0x13c
<6>[ 843.708248] schedule_timeout+0x104/0x2b0
<6>[ 843.708931] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 843.709395] rcu_gp_kthread+0x278/0x3a0
<6>[ 843.709877] kthread+0x160/0x170
<6>[ 843.710353] ret_from_fork+0x10/0x20
<3>[ 843.710837] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 843.711118] Task dump for CPU 1:
<6>[ 843.711251] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<6>[ 843.711995] Call trace:
<6>[ 843.712117] dump_backtrace+0xb8/0x130
<6>[ 843.712567] show_stack+0x20/0x60
<3>[ 843.715340] ==================================================================
<6>[ 843.717388] sched_show_task+0x2a0/0x2d4
<6>[ 843.717706] dump_cpu_task+0x64/0x78
<6>[ 843.718111] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 843.718590] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 843.718936] update_process_times+0x90/0xec
<6>[ 843.719383] tick_sched_handle+0x70/0xa0
<6>[ 843.719743] tick_sched_timer+0x5c/0xd0
<6>[ 843.720084] __hrtimer_run_queues+0x234/0x5f0
<6>[ 843.720387] hrtimer_interrupt+0x198/0x384
<6>[ 843.720675] arch_timer_handler_virt+0x48/0x60
<6>[ 843.721047] handle_percpu_devid_irq+0xe0/0x300
<6>[ 843.721425] generic_handle_domain_irq+0x50/0x70
<6>[ 843.721859] gic_handle_irq+0x58/0x160
<6>[ 843.722144] call_on_irq_stack+0x2c/0x54
<6>[ 843.722487] do_interrupt_handler+0xc8/0xd0
<6>[ 843.722880] el1_interrupt+0x34/0x60
<6>[ 843.723285] el1h_64_irq_handler+0x18/0x2c
<6>[ 843.723727] el1h_64_irq+0x64/0x68
<6>[ 843.723997] arch_local_irq_enable+0xc/0x20
<6>[ 843.724308] default_idle_call+0x5c/0x248
<6>[ 843.724692] do_idle+0x318/0x3a0
<6>[ 843.725008] cpu_startup_entry+0x30/0x3c
<6>[ 843.746230] ok 16 - kmalloc_uaf_16
<6>[ 879.843310] secondary_start_kernel+0x248/0x274
<6>[ 879.844977] __secondary_switched+0xa0/0xa4
<3>[ 879.890433] ==================================================================
<3>[ 879.891656] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd8/0x1e0
<3>[ 879.892974] Write of size 128 at addr ffff00000769d700 by task kunit_try_catch/270
<3>[ 879.894220]
<3>[ 879.894687] CPU: 0 PID: 270 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 879.896019] Hardware name: linux,dummy-virt (DT)
<3>[ 879.897055] Call trace:
<3>[ 879.897721] dump_backtrace+0xb8/0x130
<3>[ 879.898785] show_stack+0x20/0x60
<3>[ 879.902615] dump_stack_lvl+0x8c/0xb8
<3>[ 879.903710] print_report+0x2e4/0x620
<3>[ 879.904776] kasan_report+0xa8/0x1dc
<3>[ 879.906647] kasan_check_range+0xf8/0x1a0
<3>[ 917.394071] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 917.405615] memset+0x54/0x90
<3>[ 917.406455] rcu: 0-...!: (4 ticks this GP) idle=f73/1/0x4000000000000000 softirq=994/997 fqs=1
<3>[ 917.406873] kmalloc_oob_in_memset+0xd8/0x1e0
<4>[ 917.407889] (detected by 1, t=9376 jiffies, g=661, q=1 ncpus=2)
<3>[ 917.408433] kunit_try_run_case+0x8c/0x124
<6>[ 917.409181] Task dump for CPU 0:
<3>[ 917.409724] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 917.410304] task:kunit_try_catch state:R running task
<3>[ 917.411000] kthread+0x160/0x170
<4>[ 917.411836] stack: 0 pid: 270 ppid: 2 flags:0x00000008
<3>[ 917.412291] ret_from_fork+0x10/0x20
<6>[ 917.413027] Call trace:
<3>[ 917.413557]
<3>[ 917.413657] Allocated by task 270:
<4>[ 917.413810] kasan_save_stack+0x2c/0x5c
<4>[ 917.414159] __kasan_kmalloc+0xac/0x104
<4>[ 917.414481] kmem_cache_alloc_trace+0x1f8/0x3b0
<4>[ 917.414812] kmalloc_oob_in_memset+0xa0/0x1e0
<4>[ 917.415147] kunit_try_run_case+0x8c/0x124
<4>[ 917.415495] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 917.415919] kthread+0x160/0x170
<4>[ 917.416224] ret_from_fork+0x10/0x20
<3>[ 917.416545]
<3>[ 917.416640] The buggy address belongs to the object at ffff00000769d700
<3>[ 917.416640] which belongs to the cache kmalloc-128 of size 128
<3>[ 917.416882] The buggy address is located 0 bytes inside of
<3>[ 917.416882] 128-byte region [ffff00000769d700, ffff00000769d780)
<3>[ 917.417171]
<3>[ 917.417274] The buggy address belongs to the physical page:
<4>[ 917.417406] page:00000000ffd3bac3 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769d
<4>[ 917.417675] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 917.418115] raw: 03fffc0000000200 fffffc00001da440 dead000000000004 ffff000006802300
<4>[ 917.418417] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 917.418601] page dumped because: kasan: bad access detected
<3>[ 917.418746]
<3>[ 917.418830] Memory state around the buggy address:
<3>[ 917.419018] ffff00000769d600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
<3>[ 917.419274] ffff00000769d680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.419530] >ffff00000769d700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<3>[ 917.419724] ^
<3>[ 917.419932] ffff00000769d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.420193] ffff00000769d800: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 917.420386] ==================================================================
<6>[ 917.425955] ok 17 - kmalloc_oob_in_memset
<6>[ 917.429346] __switch_to+0x140/0x1e0
<6>[ 917.429668] __schedule+0x4f4/0xc74
<6>[ 917.429951] preempt_schedule+0x84/0xe4
<6>[ 956.565200] _raw_spin_unlock_irqrestore+0x74/0x84
<3>[ 956.567045] rcu: rcu_preempt kthread timer wakeup didn't happen for 19165 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<3>[ 956.568648] rcu: Possible timer handling issue on cpu=1 timer-softirq=2771
<3>[ 956.570322] rcu: rcu_preempt kthread starved for 19167 jiffies! g661 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<3>[ 956.571855] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 956.573115] rcu: RCU grace-period kthread stack dump:
<6>[ 956.574401] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<6>[ 956.575831] Call trace:
<6>[ 956.576368] __switch_to+0x140/0x1e0
<6>[ 956.577231] __schedule+0x4f4/0xc74
<6>[ 956.578549] schedule+0x88/0x13c
<6>[ 956.579351] schedule_timeout+0x104/0x2b0
<6>[ 956.580311] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 956.581209] rcu_gp_kthread+0x278/0x3a0
<6>[ 956.582583] kthread+0x160/0x170
<6>[ 956.583420] ret_from_fork+0x10/0x20
<3>[ 956.584304] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 997.308036] Task dump for CPU 1:
<6>[ 997.308746] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 997.311379] Call trace:
<6>[ 997.311940] dump_backtrace+0xb8/0x130
<6>[ 997.312832] show_stack+0x20/0x60
<6>[ 997.315299] sched_show_task+0x2a0/0x2d4
<6>[ 997.316323] dump_cpu_task+0x64/0x78
<6>[ 997.317275] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 997.318939] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 997.319923] update_process_times+0x90/0xec
<6>[ 997.320972] tick_sched_handle+0x70/0xa0
<6>[ 997.323565] tick_sched_timer+0x5c/0xd0
<6>[ 997.324503] __hrtimer_run_queues+0x234/0x5f0
<6>[ 997.325898] hrtimer_interrupt+0x198/0x384
<6>[ 997.326824] arch_timer_handler_virt+0x48/0x60
<6>[ 997.327847] handle_percpu_devid_irq+0xe0/0x300
<6>[ 997.328849] generic_handle_domain_irq+0x50/0x70
<6>[ 997.331532] gic_handle_irq+0x58/0x160
<6>[ 997.332387] call_on_irq_stack+0x2c/0x54
<6>[ 997.333753] do_interrupt_handler+0xc8/0xd0
<6>[ 997.334808] el1_interrupt+0x34/0x60
<6>[ 997.335768] el1h_64_irq_handler+0x18/0x2c
<6>[ 997.336807] el1h_64_irq+0x64/0x68
<6>[ 997.339160] arch_local_irq_enable+0xc/0x20
<6>[ 997.340106] default_idle_call+0x5c/0x248
<6>[ 997.341072] do_idle+0x318/0x3a0
<6>[ 997.342364] cpu_startup_entry+0x2c/0x3c
<6>[ 997.343294] secondary_start_kernel+0x248/0x274
<6>[ 997.344374] __secondary_switched+0xa0/0xa4
<3>[ 997.380374] ==================================================================
<3>[ 997.383701] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xdc/0x1e0
<3>[ 997.385039] Write of size 2 at addr ffff000007691e77 by task kunit_try_catch/271
<3>[ 997.390608]
<3>[ 997.391158] CPU: 0 PID: 271 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 997.395095] Hardware name: linux,dummy-virt (DT)
<3>[ 997.395932] Call trace:
<3>[ 997.396483] dump_backtrace+0xb8/0x130
<3>[ 1039.694374] show_stack+0x20/0x60
<3>[ 1039.694505] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<3>[ 1039.694702] dump_stack_lvl+0x8c/0xb8
<3>[ 1039.695260] rcu: 0-...!: (1 GPs behind) idle=fd7/1/0x4000000000000000 softirq=1016/1017 fqs=2
<3>[ 1039.695973] print_report+0x2e4/0x620
<4>[ 1039.696511] (detected by 1, t=10579 jiffies, g=673, q=2 ncpus=2)
<3>[ 1039.697475] kasan_report+0xa8/0x1dc
<6>[ 1039.698016] Task dump for CPU 0:
<3>[ 1039.698726] kasan_check_range+0xf8/0x1a0
<3>[ 1039.699259] memset+0x54/0x90
<3>[ 1039.699746] kmalloc_oob_memset_2+0xdc/0x1e0
<3>[ 1039.700258] kunit_try_run_case+0x8c/0x124
<3>[ 1039.700750] kunit_generic_run_threadfn_adapter+0x38/0x54
<6>[ 1039.703971] task:kunit_try_catch state:R running task stack: 0 pid: 271 ppid: 2 flags:0x00000008
<3>[ 1039.704721] kthread+0x160/0x170
<6>[ 1039.705441] Call trace:
<3>[ 1039.706517] ret_from_fork+0x10/0x20
<3>[ 1039.707015]
<6>[ 1039.707370] __switch_to+0x140/0x1e0
<3>[ 1039.707870] Allocated by task 271:
<6>[ 1039.708225] 0x1300dc342ef10c00
<4>[ 1039.708657] kasan_save_stack+0x2c/0x5c
<4>[ 1039.709146] __kasan_kmalloc+0xac/0x104
<3>[ 1039.709655] rcu: rcu_preempt kthread timer wakeup didn't happen for 10574 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<4>[ 1039.710159] kmem_cache_alloc_trace+0x1f8/0x3b0
<3>[ 1039.710698] rcu: Possible timer handling issue on cpu=1 timer-softirq=2775
<4>[ 1039.711918] kmalloc_oob_memset_2+0xa0/0x1e0
<3>[ 1039.712521] rcu: rcu_preempt kthread starved for 10575 jiffies! g673 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<4>[ 1039.713352] kunit_try_run_case+0x8c/0x124
<4>[ 1039.714905] kunit_generic_run_threadfn_adapter+0x38/0x54
<4>[ 1039.717183] kthread+0x160/0x170
<4>[ 1039.718867] ret_from_fork+0x10/0x20
<3>[ 1039.720805]
<3>[ 1039.721471] The buggy address belongs to the object at ffff000007691e00
<3>[ 1039.721471] which belongs to the cache kmalloc-128 of size 128
<3>[ 1039.723138] The buggy address is located 119 bytes inside of
<3>[ 1039.723138] 128-byte region [ffff000007691e00, ffff000007691e80)
<3>[ 1039.733732] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<3>[ 1039.734875]
<3>[ 1039.734973] The buggy address belongs to the physical page:
<3>[ 1039.735431] rcu: RCU grace-period kthread stack dump:
<4>[ 1039.736113] page:00000000af33b75c refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47691
<6>[ 1039.736561] task:rcu_preempt state:I
<4>[ 1039.737047] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<4>[ 1039.737600] raw: 03fffc0000000200 fffffc00001cfcc0 dead000000000003 ffff000006802300
<4>[ 1039.738770] stack: 0 pid: 16 ppid: 2 flags:0x00000008
<4>[ 1112.371401] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<4>[ 1112.372352] page dumped because: kasan: bad access detected
<3>[ 1112.373175]
<3>[ 1112.373285] Memory state around the buggy address:
<3>[ 1112.373481] ffff000007691d00: 00 00 04 fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.373776] ffff000007691d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.374040] >ffff000007691e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<3>[ 1112.374272] ^
<3>[ 1112.374483] ffff000007691e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<3>[ 1112.374772] ffff000007691f00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<3>[ 1112.374965] ==================================================================
<6>[ 1112.383879] ok 18 - kmalloc_oob_memset_2
<6>[ 1112.384766] Call trace:
<6>[ 1112.385201] __switch_to+0x140/0x1e0
<6>[ 1112.406928] __schedule+0x4f4/0xc74
<6>[ 1112.407991] schedule+0x88/0x13c
<6>[ 1112.409814] schedule_timeout+0x104/0x2b0
<6>[ 1112.410823] rcu_gp_fqs_loop+0x1a0/0x784
<6>[ 1112.411711] rcu_gp_kthread+0x278/0x3a0
<6>[ 1112.412605] kthread+0x160/0x170
<6>[ 1158.176452] ret_from_fork+0x10/0x20
<3>[ 1158.182111] rcu: Stack dump where RCU GP kthread last ran:
<6>[ 1158.185656] Task dump for CPU 1:
<6>[ 1158.194136] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<6>[ 1158.195866] Call trace:
<6>[ 1158.196408] dump_backtrace+0xb8/0x130
<6>[ 1158.197755] show_stack+0x20/0x60
<6>[ 1158.198609] sched_show_task+0x2a0/0x2d4
<6>[ 1158.199610] dump_cpu_task+0x64/0x78
<6>[ 1158.200545] rcu_check_gp_kthread_starvation+0x16c/0x198
<6>[ 1158.202249] rcu_sched_clock_irq+0x12bc/0x14a4
<6>[ 1158.203253] update_process_times+0x90/0xec
<6>[ 1158.204305] tick_sched_handle+0x70/0xa0
<6>[ 1158.205240] tick_sched_timer+0x5c/0xd0
<6>[ 1158.206647] __hrtimer_run_queues+0x234/0x5f0
<6>[ 1158.207582] hrtimer_interrupt+0x198/0x384
<6>[ 1158.208481] arch_timer_handler_virt+0x48/0x60
<6>[ 1158.209951] handle_percpu_devid_irq+0xe0/0x300
<6>[ 1158.210986] generic_handle_domain_irq+0x50/0x70
<6>[ 1158.212091] gic_handle_irq+0x58/0x160
<6>[ 1158.212935] call_on_irq_stack+0x2c/0x54
<6>[ 1158.214334] do_interrupt_handler+0xc8/0xd0
<6>[ 1158.215363] el1_interrupt+0x34/0x60
<6>[ 1158.216309] el1h_64_irq_handler+0x18/0x2c
<6>[ 1158.217793] el1h_64_irq+0x64/0x68
<6>[ 1158.218638] arch_local_irq_enable+0xc/0x20
<6>[ 1158.219553] default_idle_call+0x5c/0x248
<6>[ 1158.220518] do_idle+0x318/0x3a0
<6>[ 1158.221796] cpu_startup_entry+0x2c/0x3c
<6>[ 1158.222760] secondary_start_kernel+0x248/0x274
<6>[ 1158.223841] __secondary_switched+0xa0/0xa4
<3>[ 1158.301121] ==================================================================
<3>[ 1158.303863] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xdc/0x1e0
<3>[ 1158.310412] Write of size 4 at addr ffff0000076a1075 by task kunit_try_catch/272
<3>[ 1158.311609]
<3>[ 1158.312071] CPU: 0 PID: 272 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<3>[ 1158.313414] Hardware name: linux,dummy-virt (DT)
<3>[ 1205.751516] Call trace:
<3>[ 1205.751581] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1205.751778] rcu: 0-...!: (0 ticks this GP) idle=017/1/0x4000000000000000 softirq=1019/1019 fqs=0
<common> <4>[ 1205.752150] (detected by 1, t=11863 jiffies, g=677, q=4 ncpus=2)
<common> <3>[ 1205.752833] dump_backtrace+0xb8/0x130
<common> <6>[ 1205.753888] Task dump for CPU 0:
<common> <3>[ 1205.754607] show_stack+0x20/0x60
<common> <6>[ 1205.755135] task:kunit_try_catch state:R
<common> <3>[ 1205.755582] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1205.756062] print_report+0x2e4/0x620
<common> <4>[ 1205.756603] running task
<common> <3>[ 1205.757096] kasan_report+0xa8/0x1dc
<common> <3>[ 1205.757623] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1205.758148] memset+0x54/0x90
<common> <3>[ 1205.758659] kmalloc_oob_memset_4+0xdc/0x1e0
<common> <3>[ 1205.759172] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1205.759662] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1205.760688] stack: 0 pid: 272 ppid: 2 flags:0x00000008
<common> <3>[ 1205.761341] kthread+0x160/0x170
<common> <3>[ 1205.761624] ret_from_fork+0x10/0x20
<common> <3>[ 1205.761911]
<common> <3>[ 1205.762108] Allocated by task 272:
<common> <4>[ 1205.762244] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1205.764638] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1205.766406] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1205.768907] kmalloc_oob_memset_4+0xa0/0x1e0
<common> <6>[ 1205.771378] Call trace:
<common> <4>[ 1205.771840] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1205.772353] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <6>[ 1205.773135] __switch_to+0x140/0x1e0
<common> <4>[ 1205.773673] kthread+0x160/0x170
<common> <6>[ 1205.774225] 0xffff480693ab4500
<common> <4>[ 1205.774804] ret_from_fork+0x10/0x20
<common> <3>[ 1205.775411] rcu: rcu_preempt kthread timer wakeup didn't happen for 11862 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1205.775770]
<common> <3>[ 1205.776300] rcu: Possible timer handling issue on cpu=0 timer-softirq=962
<common> <3>[ 1205.776961] The buggy address belongs to the object at ffff0000076a1000
<common> <3>[ 1205.776961] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1205.798058] rcu: rcu_preempt kthread starved for 11863 jiffies! g677 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<common> <3>[ 1205.798469] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1205.798730] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1205.798866] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1205.799245] Call trace:
<common> <6>[ 1205.799353] __switch_to+0x140/0x1e0
<common> <6>[ 1205.799669] __schedule+0x4f4/0xc74
<common> <6>[ 1205.799965] schedule+0x88/0x13c
<common> <6>[ 1205.800250] schedule_timeout+0x104/0x2b0
<common> <6>[ 1205.800614] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1205.800925] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1205.801247] kthread+0x160/0x170
<common> <6>[ 1205.801579] ret_from_fork+0x10/0x20
<common> <3>[ 1205.801909] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1205.802038] Task dump for CPU 0:
<common> <6>[ 1205.802155] task:kunit_try_catch state:R running task stack: 0 pid: 272 ppid: 2 flags:0x00000008
<common> <6>[ 1205.802595] Call trace:
<common> <6>[ 1205.802700] __switch_to+0x140/0x1e0
<common> <6>[ 1205.803000] 0xffff480693ab4500
<common> <3>[ 1255.138631] The buggy address is located 117 bytes inside of
<common> <3>[ 1255.138631] 128-byte region [ffff0000076a1000, ffff0000076a1080)
<common> <3>[ 1255.140350]
<common> <3>[ 1255.140782] The buggy address belongs to the physical page:
<common> <4>[ 1255.143732] page:00000000c43a6e75 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476a1
<common> <4>[ 1255.145175] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1255.146506] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1255.147778] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1255.148937] page dumped because: kasan: bad access detected
<common> <3>[ 1255.151969]
<common> <3>[ 1255.152425] Memory state around the buggy address:
<common> <3>[ 1255.153311] ffff0000076a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<common> <3>[ 1255.154492] ffff0000076a0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1306.226237] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1306.240532] >ffff0000076a1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1306.240780] ^
<common> <3>[ 1306.240991] ffff0000076a1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1306.241247] ffff0000076a1100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1306.241454] ==================================================================
<common> <4>[ 1306.252116] (detected by 1, t=36987 jiffies, g=680, q=2 ncpus=2)
<common> <3>[ 1306.253223] rcu: INFO: Stall ended before state dump start
<common> <6>[ 1306.261069] ok 19 - kmalloc_oob_memset_4
<common> <3>[ 1306.282426] ==================================================================
<common> <3>[ 1306.284710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0xdc/0x1e0
<common> <3>[ 1306.289710] Write of size 8 at addr ffff00000789ac71 by task kunit_try_catch/273
<common> <3>[ 1306.291223]
<common> <3>[ 1306.291772] CPU: 1 PID: 273 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1306.295700] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1306.296743] Call trace:
<common> <3>[ 1306.297427] dump_backtrace+0xb8/0x130
<common> <3>[ 1306.298524] show_stack+0x20/0x60
<common> <3>[ 1306.299337] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1306.300224] print_report+0x2e4/0x620
<common> <3>[ 1306.301123] kasan_report+0xa8/0x1dc
<common> <3>[ 1306.304201] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1306.305193] memset+0x54/0x90
<common> <3>[ 1306.306060] kmalloc_oob_memset_8+0xdc/0x1e0
<common> <3>[ 1306.307015] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1306.307968] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1306.309142] kthread+0x160/0x170
<common> <3>[ 1306.312249] ret_from_fork+0x10/0x20
<common> <3>[ 1306.313143]
<common> <3>[ 1306.313596] Allocated by task 273:
<common> <4>[ 1306.314274] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1306.315186] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1306.316069] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1306.317039] kmalloc_oob_memset_8+0xa0/0x1e0
<common> <4>[ 1306.320187] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1359.275068] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <4>[ 1359.290335] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1359.290879] kthread+0x160/0x170
<common> <4>[ 1359.291202] ret_from_fork+0x10/0x20
<common> <3>[ 1359.291530]
<common> <3>[ 1359.291621] The buggy address belongs to the object at ffff00000789ac00
<common> <3>[ 1359.291621] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1359.291879] The buggy address is located 113 bytes inside of
<common> <3>[ 1359.291879] 128-byte region [ffff00000789ac00, ffff00000789ac80)
<common> <3>[ 1359.292163]
<common> <3>[ 1359.292265] The buggy address belongs to the physical page:
<common> <4>[ 1359.292418] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1359.292696] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1359.293122] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <3>[ 1359.309524] rcu: 1-...!: (1 GPs behind) idle=155/1/0x4000000000000000 softirq=891/892 fqs=4
<common> <4>[ 1359.309943] (detected by 0, t=13247 jiffies, g=685, q=3 ncpus=2)
<common> <6>[ 1359.310189] Task dump for CPU 1:
<common> <6>[ 1359.310310] task:kunit_try_catch state:R running task stack: 0 pid: 273 ppid: 2 flags:0x0000000a
<common> <6>[ 1359.310777] Call trace:
<common> <6>[ 1359.310886] __switch_to+0x140/0x1e0
<common> <6>[ 1359.311210] 0xffff9fa911a61800
<common> <3>[ 1359.311485] rcu: rcu_preempt kthread timer wakeup didn't happen for 13238 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1359.311772] rcu: Possible timer handling issue on cpu=0 timer-softirq=969
<common> <3>[ 1359.311937] rcu: rcu_preempt kthread starved for 13239 jiffies! g685 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=0
<common> <3>[ 1359.312217] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1359.312383] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1359.312506] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1359.312844] Call trace:
<common> <6>[ 1359.312957] __switch_to+0x140/0x1e0
<common> <6>[ 1359.313271] __schedule+0x4f4/0xc74
<common> <6>[ 1359.313577] schedule+0x88/0x13c
<common> <6>[ 1359.313854] schedule_timeout+0x104/0x2b0
<common> <6>[ 1359.314247] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1359.314548] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1359.314872] kthread+0x160/0x170
<common> <6>[ 1359.315198] ret_from_fork+0x10/0x20
<common> <3>[ 1359.315536] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1359.315658] Task dump for CPU 0:
<common> <6>[ 1359.315784] task:swapper/0 state:R running task stack: 0 pid: 0 ppid: 0 flags:0x00000008
<common> <6>[ 1359.316224] Call trace:
<common> <6>[ 1359.316337] dump_backtrace+0xb8/0x130
<common> <6>[ 1359.316642] show_stack+0x20/0x60
<common> <6>[ 1359.316923] sched_show_task+0x2a0/0x2d4
<common> <4>[ 1359.326342] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1359.326581] page dumped because: kasan: bad access detected
<common> <3>[ 1359.326730]
<common> <3>[ 1359.326816] Memory state around the buggy address:
<common> <3>[ 1359.327009] ffff00000789ab00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1359.327266] ffff00000789ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1359.327521] >ffff00000789ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1359.327708] ^
<common> <3>[ 1359.327914] ffff00000789ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1359.328169] ffff00000789ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1359.328364] ==================================================================
<common> <3>[ 1414.192806] rcu: INFO: rcu_preempt self-detected stall on CPU
<common> <6>[ 1414.205331] dump_cpu_task+0x64/0x78
<common> <3>[ 1414.206335] rcu: 1-...!: (1 ticks this GP) idle=15f/0/0x1 softirq=896/896 fqs=0
<common> <6>[ 1414.207366] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <4>[ 1414.208648] (t=13729 jiffies g=689 q=1 ncpus=2)
<common> <6>[ 1414.209036] rcu_sched_clock_irq+0x12bc/0x14a4
<common> <3>[ 1414.210023] rcu: rcu_preempt kthread timer wakeup didn't happen for 13728 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1414.210431] rcu: Possible timer handling issue on cpu=1 timer-softirq=2784
<common> <6>[ 1414.210899] update_process_times+0x90/0xec
<common> <3>[ 1414.211412] rcu: rcu_preempt kthread starved for 13729 jiffies! g689 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<common> <6>[ 1414.211868] tick_sched_handle+0x70/0xa0
<common> <3>[ 1414.212411] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <6>[ 1414.212935] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1414.221316] __hrtimer_run_queues+0x234/0x5f0
<common> <3>[ 1414.222139] rcu: RCU grace-period kthread stack dump:
<common> <6>[ 1414.222974] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1414.223818] task:rcu_preempt state:I
<common> <6>[ 1414.224630] arch_timer_handler_virt+0x48/0x60
<common> <4>[ 1414.225495] stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1414.226323] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1507.290991] Call trace:
<common> <6>[ 1507.291164] __switch_to+0x140/0x1e0
<common> <6>[ 1507.294659] __schedule+0x4f4/0xc74
<common> <6>[ 1507.294959] schedule+0x88/0x13c
<common> <6>[ 1507.295244] schedule_timeout+0x104/0x2b0
<common> <6>[ 1507.295608] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1507.295898] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1507.296220] kthread+0x160/0x170
<common> <6>[ 1507.297296] ret_from_fork+0x10/0x20
<common> <3>[ 1507.298799] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1507.298907] Task dump for CPU 1:
<common> <6>[ 1507.298995] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x00000008
<common> <6>[ 1507.299244] Call trace:
<common> <6>[ 1507.299301] dump_backtrace+0xb8/0x130
<common> <6>[ 1507.299462] show_stack+0x20/0x60
<common> <6>[ 1507.299600] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1507.299802] dump_cpu_task+0x64/0x78
<common> <6>[ 1507.299990] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <6>[ 1507.300219] rcu_sched_clock_irq+0xf9c/0x14a4
<common> <6>[ 1507.300387] update_process_times+0x90/0xec
<common> <6>[ 1507.300599] tick_sched_handle+0x70/0xa0
<common> <6>[ 1507.300770] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1507.300944] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1507.301093] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1507.301245] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1507.302080] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1507.302698] gic_handle_irq+0x58/0x160
<common> <6>[ 1507.303471] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1507.304140] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1507.304744] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1507.305370] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1507.305789] el1_interrupt+0x34/0x60
<common> <6>[ 1507.306213] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1507.306650] el1h_64_irq+0x64/0x68
<common> <6>[ 1507.306930] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1507.307231] default_idle_call+0x5c/0x248
<common> <6>[ 1507.307618] do_idle+0x318/0x3a0
<common> <6>[ 1507.307936] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1507.308278] kernel_init+0x0/0x150
<common> <6>[ 1507.308536] arch_post_acpi_subsys_init+0x0/0x28
<common> <6>[ 1507.308946] start_kernel+0x3b0/0x3e4
<common> <6>[ 1507.309316] __primary_switched+0xc4/0xcc
<common> <6>[ 1507.318894] ok 20 - kmalloc_oob_memset_8
<common> <6>[ 1507.325782] gic_handle_irq+0x58/0x160
<common> <6>[ 1507.326106] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1566.060799] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1566.062629] el1_interrupt+0x34/0x60
<common> <6>[ 1566.063618] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1566.064652] el1h_64_irq+0x64/0x68
<common> <6>[ 1566.066189] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1566.067119] default_idle_call+0x5c/0x248
<common> <6>[ 1566.068104] do_idle+0x318/0x3a0
<common> <6>[ 1566.068922] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1626.749412] secondary_start_kernel+0x248/0x274
<common> <6>[ 1626.750479] __secondary_switched+0xa0/0xa4
<common> <6>[ 1626.751195] Task dump for CPU 1:
<common> <6>[ 1626.751657] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<common> <6>[ 1626.752893] Call trace:
<common> <6>[ 1626.753334] dump_backtrace+0xb8/0x130
<common> <6>[ 1626.754317] show_stack+0x20/0x60
<common> <6>[ 1626.755135] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1626.756133] dump_cpu_task+0x64/0x78
<common> <6>[ 1626.757057] rcu_dump_cpu_stacks+0x144/0x18c
<common> <6>[ 1626.758852] rcu_sched_clock_irq+0xfbc/0x14a4
<common> <6>[ 1626.759831] update_process_times+0x90/0xec
<common> <6>[ 1626.760881] tick_sched_handle+0x70/0xa0
<common> <6>[ 1626.762543] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1626.763485] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1626.764417] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1626.766012] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1626.767060] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1626.768073] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1626.769168] gic_handle_irq+0x58/0x160
<common> <6>[ 1626.770760] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1626.771694] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1626.772708] el1_interrupt+0x34/0x60
<common> <6>[ 1626.774392] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1626.775461] el1h_64_irq+0x64/0x68
<common> <6>[ 1626.776270] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1626.777181] default_idle_call+0x5c/0x248
<common> <6>[ 1626.778906] do_idle+0x318/0x3a0
<common> <6>[ 1626.779740] cpu_startup_entry+0x30/0x3c
<common> <6>[ 1626.780666] secondary_start_kernel+0x248/0x274
<common> <6>[ 1626.782469] __secondary_switched+0xa0/0xa4
<common> <3>[ 1626.838848] ==================================================================
<common> <3>[ 1626.840392] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xdc/0x1e0
<common> <3>[ 1626.844138] Write of size 16 at addr ffff00000769a569 by task kunit_try_catch/274
<common> <3>[ 1626.845397]
<common> <3>[ 1626.845865] CPU: 0 PID: 274 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1626.847201] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1626.847999] Call trace:
<common> <3>[ 1689.456414] dump_backtrace+0xb8/0x130
<common> <3>[ 1689.459737] show_stack+0x20/0x60
<common> <3>[ 1689.460598] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1689.461531] print_report+0x2e4/0x620
<common> <3>[ 1689.462437] kasan_report+0xa8/0x1dc
<common> <3>[ 1689.463317] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1689.464291] memset+0x54/0x90
<common> <3>[ 1689.465145] kmalloc_oob_memset_16+0xdc/0x1e0
<common> <3>[ 1689.466154] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1689.467119] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1689.468455] kthread+0x160/0x170
<common> <3>[ 1689.469349] ret_from_fork+0x10/0x20
<common> <3>[ 1689.470260]
<common> <3>[ 1689.470691] Allocated by task 274:
<common> <4>[ 1689.471368] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1689.472268] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1689.473160] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1689.474180] kmalloc_oob_memset_16+0xa0/0x1e0
<common> <4>[ 1689.475135] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1689.476085] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1689.477233] kthread+0x160/0x170
<common> <4>[ 1689.478086] ret_from_fork+0x10/0x20
<common> <3>[ 1689.478955]
<common> <3>[ 1689.479379] The buggy address belongs to the object at ffff00000769a500
<common> <3>[ 1689.479379] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1689.481081] The buggy address is located 105 bytes inside of
<common> <3>[ 1689.481081] 128-byte region [ffff00000769a500, ffff00000769a580)
<common> <3>[ 1689.482760]
<common> <3>[ 1689.483203] The buggy address belongs to the physical page:
<common> <4>[ 1689.484084] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1689.485502] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1689.486832] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1689.488107] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1689.489280] page dumped because: kasan: bad access detected
<common> <3>[ 1689.490179]
<common> <3>[ 1689.490605] Memory state around the buggy address:
<common> <3>[ 1689.491478] ffff00000769a400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1754.138789] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1754.140005] >ffff00000769a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
<common> <3>[ 1754.141193] ^
<common> <3>[ 1754.143569] ffff00000769a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1754.146925] ffff00000769a600: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1754.150175] ==================================================================
<common> <6>[ 1754.260968] ok 21 - kmalloc_oob_memset_16
<common> <3>[ 1754.287068] ==================================================================
<common> <3>[ 1754.288874] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xe8/0x1f0
<common> <3>[ 1754.291813] Read of size 18446744073709551614 at addr ffff00000769a404 by task kunit_try_catch/275
<common> <3>[ 1754.293244]
<common> <3>[ 1754.295268] CPU: 0 PID: 275 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1754.296585] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1754.297926] Call trace:
<common> <3>[ 1754.298497] dump_backtrace+0xb8/0x130
<common> <3>[ 1754.299369] show_stack+0x20/0x60
<common> <3>[ 1754.300162] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1754.301037] print_report+0x2e4/0x620
<common> <3>[ 1754.302345] kasan_report+0xa8/0x1dc
<common> <3>[ 1754.303234] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1754.304195] memmove+0x5c/0x110
<common> <3>[ 1754.305051] kmalloc_memmove_negative_size+0xe8/0x1f0
<common> <3>[ 1754.307976] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1754.308931] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1754.310519] kthread+0x160/0x170
<common> <3>[ 1754.311366] ret_from_fork+0x10/0x20
<common> <3>[ 1754.312241]
<common> <3>[ 1754.312664] Allocated by task 275:
<common> <4>[ 1754.313704] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1754.314634] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1754.315510] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1754.316459] kmalloc_memmove_negative_size+0xa0/0x1f0
<common> <4>[ 1754.317889] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1754.318864] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.535092] kthread+0x160/0x170
<common> <4>[ 1795.535770] ret_from_fork+0x10/0x20
<common> <3>[ 1795.536418]
<common> <3>[ 1795.536762] The buggy address belongs to the object at ffff00000769a400
<common> <3>[ 1795.536762] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.537699] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks:
<common> <3>[ 1795.557807] The buggy address is located 4 bytes inside of
<common> <3>[ 1795.557807] 128-byte region [ffff00000769a400, ffff00000769a480)
<common> <3>[ 1795.564075] rcu: 0-...!: (1 GPs behind) idle=08f/1/0x4000000000000000 softirq=1030/1031 fqs=1
<common> <4>[ 1795.564728] (detected by 1, t=10314 jiffies, g=701, q=3 ncpus=2)
<common> <3>[ 1795.572176]
<common> <3>[ 1795.572289] The buggy address belongs to the physical page:
<common> <6>[ 1795.573202] Task dump for CPU 0:
<common> <4>[ 1795.573981] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1795.574340] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <6>[ 1795.574976] task:kunit_try_catch state:R
<common> <4>[ 1795.575596] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1795.576468] running task
<common> <4>[ 1795.577386] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.589462] stack: 0 pid: 275 ppid: 2 flags:0x00000008
<common> <4>[ 1795.590369] page dumped because: kasan: bad access detected
<common> <6>[ 1795.590830] Call trace:
<common> <3>[ 1795.591693]
<common> <3>[ 1795.591782] Memory state around the buggy address:
<common> <6>[ 1795.592414] __switch_to+0x140/0x1e0
<common> <3>[ 1795.593166] ffff00000769a300: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <6>[ 1795.593517] 0xa300bdfd3d933100
<common> <3>[ 1795.593884] ffff00000769a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.594481] rcu: rcu_preempt kthread timer wakeup didn't happen for 10307 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402
<common> <3>[ 1795.595013] >ffff00000769a400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1795.595790] rcu: Possible timer handling issue on cpu=1 timer-softirq=2789
<common> <3>[ 1795.596242] ^
<common> <3>[ 1795.597071] rcu: rcu_preempt kthread starved for 10308 jiffies! g701 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1
<common> <3>[ 1795.612428] ffff00000769a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.613170] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior.
<common> <3>[ 1795.613727] ffff00000769a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.614788] rcu: RCU grace-period kthread stack dump:
<common> <3>[ 1795.615616] ==================================================================
<common> <6>[ 1795.616627] task:rcu_preempt state:I stack: 0 pid: 16 ppid: 2 flags:0x00000008
<common> <6>[ 1795.635130] Call trace:
<common> <6>[ 1795.635698] __switch_to+0x140/0x1e0
<common> <6>[ 1795.636527] __schedule+0x4f4/0xc74
<common> <6>[ 1795.636738] ok 22 - kmalloc_memmove_negative_size
<common> <6>[ 1795.637339] schedule+0x88/0x13c
<common> <6>[ 1795.637616] schedule_timeout+0x104/0x2b0
<common> <6>[ 1795.639418] rcu_gp_fqs_loop+0x1a0/0x784
<common> <6>[ 1795.640294] rcu_gp_kthread+0x278/0x3a0
<common> <6>[ 1795.641130] kthread+0x160/0x170
<common> <6>[ 1795.655016] ret_from_fork+0x10/0x20
<common> <3>[ 1795.655928] rcu: Stack dump where RCU GP kthread last ran:
<common> <6>[ 1795.656755] Task dump for CPU 1:
<common> <6>[ 1795.661660] task:swapper/1 state:R running task stack: 0 pid: 0 ppid: 1 flags:0x0000000a
<common> <6>[ 1795.663280] Call trace:
<common> <6>[ 1795.663809] dump_backtrace+0xb8/0x130
<common> <6>[ 1795.664645] show_stack+0x20/0x60
<common> <6>[ 1795.665339] sched_show_task+0x2a0/0x2d4
<common> <6>[ 1795.666296] dump_cpu_task+0x64/0x78
<common> <6>[ 1795.666944] rcu_check_gp_kthread_starvation+0x16c/0x198
<common> <6>[ 1795.667742] rcu_sched_clock_irq+0x12bc/0x14a4
<common> <6>[ 1795.668407] update_process_times+0x90/0xec
<common> <6>[ 1795.669089] tick_sched_handle+0x70/0xa0
<common> <6>[ 1795.670077] tick_sched_timer+0x5c/0xd0
<common> <6>[ 1795.671787] __hrtimer_run_queues+0x234/0x5f0
<common> <6>[ 1795.673161] hrtimer_interrupt+0x198/0x384
<common> <6>[ 1795.675365] arch_timer_handler_virt+0x48/0x60
<common> <6>[ 1795.676852] handle_percpu_devid_irq+0xe0/0x300
<common> <6>[ 1795.678930] generic_handle_domain_irq+0x50/0x70
<common> <6>[ 1795.680649] gic_handle_irq+0x58/0x160
<common> <6>[ 1795.682565] call_on_irq_stack+0x2c/0x54
<common> <6>[ 1795.683792] do_interrupt_handler+0xc8/0xd0
<common> <6>[ 1795.685237] el1_interrupt+0x34/0x60
<common> <6>[ 1795.687417] el1h_64_irq_handler+0x18/0x2c
<common> <6>[ 1795.688879] el1h_64_irq+0x64/0x68
<common> <6>[ 1795.691311] arch_local_irq_enable+0xc/0x20
<common> <6>[ 1795.692528] default_idle_call+0x5c/0x248
<common> <6>[ 1795.694570] do_idle+0x318/0x3a0
<common> <6>[ 1795.695854] cpu_startup_entry+0x2c/0x3c
<common> <6>[ 1795.697233] secondary_start_kernel+0x248/0x274
<common> <6>[ 1795.699361] __secondary_switched+0xa0/0xa4
<common> <3>[ 1795.735781] ==================================================================
<common> <3>[ 1795.739804] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe8/0x1f0
<common> <3>[ 1795.741085] Read of size 64 at addr ffff00000769aa04 by task kunit_try_catch/276
<common> <3>[ 1795.742569]
<common> <3>[ 1795.743175] CPU: 0 PID: 276 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.744678] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.745817] Call trace:
<common> <3>[ 1795.746492] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.747652] show_stack+0x20/0x60
<common> <3>[ 1795.748582] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.749758] print_report+0x2e4/0x620
<common> <3>[ 1795.750801] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.751922] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1795.753151] memmove+0x5c/0x110
<common> <3>[ 1795.754186] kmalloc_memmove_invalid_size+0xe8/0x1f0
<common> <3>[ 1795.755558] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.756747] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.758155] kthread+0x160/0x170
<common> <3>[ 1795.759116] ret_from_fork+0x10/0x20
<common> <3>[ 1795.760332]
<common> <3>[ 1795.760950] Allocated by task 276:
<common> <4>[ 1795.761790] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.763023] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.764152] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.765420] kmalloc_memmove_invalid_size+0xa4/0x1f0
<common> <4>[ 1795.766754] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.767979] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.769380] kthread+0x160/0x170
<common> <4>[ 1795.770363] ret_from_fork+0x10/0x20
<common> <3>[ 1795.771544]
<common> <3>[ 1795.772144] The buggy address belongs to the object at ffff00000769aa00
<common> <3>[ 1795.772144] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.774206] The buggy address is located 4 bytes inside of
<common> <3>[ 1795.774206] 128-byte region [ffff00000769aa00, ffff00000769aa80)
<common> <3>[ 1795.776177]
<common> <3>[ 1795.776777] The buggy address belongs to the physical page:
<common> <4>[ 1795.777844] page:0000000096b3938d refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4769a
<common> <4>[ 1795.779580] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.781092] raw: 03fffc0000000200 dead000000000100 dead000000000122 ffff000006802300
<common> <4>[ 1795.782745] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.784099] page dumped because: kasan: bad access detected
<common> <3>[ 1795.785234]
<common> <3>[ 1795.785837] Memory state around the buggy address:
<common> <3>[ 1795.786917] ffff00000769a900: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.788267] ffff00000769a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.789663] >ffff00000769aa00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
<common> <3>[ 1795.790955] ^
<common> <3>[ 1795.792137] ffff00000769aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.793491] ffff00000769ab00: 00 06 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.794783] ==================================================================
<common> <6>[ 1795.799563] ok 23 - kmalloc_memmove_invalid_size
<common> <3>[ 1795.803907] ==================================================================
<common> <3>[ 1795.806013] BUG: KASAN: use-after-free in kmalloc_uaf+0xd0/0x1c4
<common> <3>[ 1795.808342] Read of size 1 at addr ffff00000789a808 by task kunit_try_catch/278
<common> <3>[ 1795.810205]
<common> <3>[ 1795.811942] CPU: 1 PID: 278 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.813483] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.815543] Call trace:
<common> <3>[ 1795.816444] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.819226] show_stack+0x20/0x60
<common> <3>[ 1795.820073] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.821216] print_report+0x2e4/0x620
<common> <3>[ 1795.823334] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.824429] __asan_load1+0x88/0xb0
<common> <3>[ 1795.826691] kmalloc_uaf+0xd0/0x1c4
<common> <3>[ 1795.827809] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.829011] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.831550] kthread+0x160/0x170
<common> <3>[ 1795.832504] ret_from_fork+0x10/0x20
<common> <3>[ 1795.834798]
<common> <3>[ 1795.835375] Allocated by task 278:
<common> <4>[ 1795.836140] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.838646] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.839404] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.840582] kmalloc_uaf+0x9c/0x1c4
<common> <4>[ 1795.842760] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.843758] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.845377] kthread+0x160/0x170
<common> <4>[ 1795.847503] ret_from_fork+0x10/0x20
<common> <3>[ 1795.848566]
<common> <3>[ 1795.849138] Freed by task 278:
<common> <4>[ 1795.851069] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.852163] kasan_set_track+0x2c/0x40
<common> <4>[ 1795.853243] kasan_set_free_info+0x28/0x50
<common> <4>[ 1795.855463] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1795.856637] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1795.858758] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1795.860330] kfree+0xe0/0x3f0
<common> <4>[ 1795.861165] kmalloc_uaf+0xbc/0x1c4
<common> <4>[ 1795.863233] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.864377] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.866950] kthread+0x160/0x170
<common> <4>[ 1795.868001] ret_from_fork+0x10/0x20
<common> <3>[ 1795.869086]
<common> <3>[ 1795.870817] The buggy address belongs to the object at ffff00000789a800
<common> <3>[ 1795.870817] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.872776] The buggy address is located 8 bytes inside of
<common> <3>[ 1795.872776] 128-byte region [ffff00000789a800, ffff00000789a880)
<common> <3>[ 1795.875701]
<common> <3>[ 1795.876476] The buggy address belongs to the physical page:
<common> <4>[ 1795.878543] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1795.880045] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.882782] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1795.884068] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.886600] page dumped because: kasan: bad access detected
<common> <3>[ 1795.887730]
<common> <3>[ 1795.888279] Memory state around the buggy address:
<common> <3>[ 1795.890568] ffff00000789a700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.892022] ffff00000789a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.894560] >ffff00000789a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.895939] ^
<common> <3>[ 1795.896744] ffff00000789a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.899262] ffff00000789a900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.900545] ==================================================================
<common> <6>[ 1795.907822] ok 24 - kmalloc_uaf
<common> <3>[ 1795.916693] ==================================================================
<common> <3>[ 1795.918440] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xd8/0x1cc
<common> <3>[ 1795.919987] Write of size 33 at addr ffff0000076bf100 by task kunit_try_catch/279
<common> <3>[ 1795.921415]
<common> <3>[ 1795.922044] CPU: 0 PID: 279 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1795.923641] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1795.924600] Call trace:
<common> <3>[ 1795.925297] dump_backtrace+0xb8/0x130
<common> <3>[ 1795.926399] show_stack+0x20/0x60
<common> <3>[ 1795.927296] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1795.928396] print_report+0x2e4/0x620
<common> <3>[ 1795.929446] kasan_report+0xa8/0x1dc
<common> <3>[ 1795.930548] kasan_check_range+0xf8/0x1a0
<common> <3>[ 1795.931667] memset+0x54/0x90
<common> <3>[ 1795.932572] kmalloc_uaf_memset+0xd8/0x1cc
<common> <3>[ 1795.933769] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1795.934946] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1795.936326] kthread+0x160/0x170
<common> <3>[ 1795.937331] ret_from_fork+0x10/0x20
<common> <3>[ 1795.938451]
<common> <3>[ 1795.939026] Allocated by task 279:
<common> <4>[ 1795.939790] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.940797] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1795.941999] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1795.943215] kmalloc_uaf_memset+0x9c/0x1cc
<common> <4>[ 1795.944263] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.945487] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.946883] kthread+0x160/0x170
<common> <4>[ 1795.947856] ret_from_fork+0x10/0x20
<common> <3>[ 1795.948947]
<common> <3>[ 1795.949546] Freed by task 279:
<common> <4>[ 1795.950312] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1795.951313] kasan_set_track+0x2c/0x40
<common> <4>[ 1795.952406] kasan_set_free_info+0x28/0x50
<common> <4>[ 1795.953587] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1795.954649] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1795.955770] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1795.957104] kfree+0xe0/0x3f0
<common> <4>[ 1795.957936] kmalloc_uaf_memset+0xbc/0x1cc
<common> <4>[ 1795.959070] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1795.960155] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1795.961441] kthread+0x160/0x170
<common> <4>[ 1795.962388] ret_from_fork+0x10/0x20
<common> <3>[ 1795.963455]
<common> <3>[ 1795.964022] The buggy address belongs to the object at ffff0000076bf100
<common> <3>[ 1795.964022] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1795.966055] The buggy address is located 0 bytes inside of
<common> <3>[ 1795.966055] 128-byte region [ffff0000076bf100, ffff0000076bf180)
<common> <3>[ 1795.967849]
<common> <3>[ 1795.968398] The buggy address belongs to the physical page:
<common> <4>[ 1795.969430] page:000000000012f197 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x476bf
<common> <4>[ 1795.970963] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1795.972652] raw: 03fffc0000000200 fffffc00001dac00 dead000000000004 ffff000006802300
<common> <4>[ 1795.973903] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1795.975235] page dumped because: kasan: bad access detected
<common> <3>[ 1795.976254]
<common> <3>[ 1795.976802] Memory state around the buggy address:
<common> <3>[ 1795.977835] ffff0000076bf000: 00 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.979187] ffff0000076bf080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.980547] >ffff0000076bf100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.981862] ^
<common> <3>[ 1795.982651] ffff0000076bf180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1795.983976] ffff0000076bf200: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1795.985277] ==================================================================
<common> <6>[ 1795.991899] ok 25 - kmalloc_uaf_memset
<common> <3>[ 1796.002358] ==================================================================
<common> <3>[ 1796.008667] BUG: KASAN: use-after-free in kmalloc_uaf2+0x10c/0x29c
<common> <3>[ 1796.010425] Read of size 1 at addr ffff00000789a528 by task kunit_try_catch/280
<common> <3>[ 1796.012144]
<common> <3>[ 1796.012839] CPU: 1 PID: 280 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1796.014700] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1796.015890] Call trace:
<common> <3>[ 1796.016813] dump_backtrace+0xb8/0x130
<common> <3>[ 1796.018121] show_stack+0x20/0x60
<common> <3>[ 1796.019110] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1796.020409] print_report+0x2e4/0x620
<common> <3>[ 1796.021777] kasan_report+0xa8/0x1dc
<common> <3>[ 1796.023061] __asan_load1+0x88/0xb0
<common> <3>[ 1796.024355] kmalloc_uaf2+0x10c/0x29c
<common> <3>[ 1796.025625] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1796.027043] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1796.028404] kthread+0x160/0x170
<common> <3>[ 1796.029551] ret_from_fork+0x10/0x20
<common> <3>[ 1796.030589]
<common> <3>[ 1796.031438] Allocated by task 280:
<common> <4>[ 1796.032306] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.033188] __kasan_kmalloc+0xac/0x104
<common> <4>[ 1796.034549] kmem_cache_alloc_trace+0x1f8/0x3b0
<common> <4>[ 1796.035969] kmalloc_uaf2+0xb0/0x29c
<common> <4>[ 1796.037010] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.038141] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.039448] kthread+0x160/0x170
<common> <4>[ 1796.040710] ret_from_fork+0x10/0x20
<common> <3>[ 1796.042004]
<common> <3>[ 1796.042636] Freed by task 280:
<common> <4>[ 1796.043426] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.044281] kasan_set_track+0x2c/0x40
<common> <4>[ 1796.045793] kasan_set_free_info+0x28/0x50
<common> <4>[ 1796.046982] ____kasan_slab_free+0x15c/0x1b4
<common> <4>[ 1796.048083] __kasan_slab_free+0x18/0x2c
<common> <4>[ 1796.049502] slab_free_freelist_hook+0xbc/0x220
<common> <4>[ 1796.050994] kfree+0xe0/0x3f0
<common> <4>[ 1796.051980] kmalloc_uaf2+0xc8/0x29c
<common> <4>[ 1796.052768] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.054234] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.055788] kthread+0x160/0x170
<common> <4>[ 1796.056786] ret_from_fork+0x10/0x20
<common> <3>[ 1796.058943]
<common> <3>[ 1796.059311] The buggy address belongs to the object at ffff00000789a500
<common> <3>[ 1796.059311] which belongs to the cache kmalloc-128 of size 128
<common> <3>[ 1796.064763] The buggy address is located 40 bytes inside of
<common> <3>[ 1796.064763] 128-byte region [ffff00000789a500, ffff00000789a580)
<common> <3>[ 1796.067757]
<common> <3>[ 1796.068530] The buggy address belongs to the physical page:
<common> <4>[ 1796.070439] page:00000000fce45ea4 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4789a
<common> <4>[ 1796.072743] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1796.075352] raw: 03fffc0000000200 0000000000000000 dead000000000001 ffff000006802300
<common> <4>[ 1796.077246] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
<common> <4>[ 1796.079320] page dumped because: kasan: bad access detected
<common> <3>[ 1796.080518]
<common> <3>[ 1796.081248] Memory state around the buggy address:
<common> <3>[ 1796.083118] ffff00000789a400: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.085198] ffff00000789a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.086724] >ffff00000789a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1796.088744] ^
<common> <3>[ 1796.090294] ffff00000789a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.092063] ffff00000789a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
<common> <3>[ 1796.093795] ==================================================================
<common> <6>[ 1796.099778] ok 26 - kmalloc_uaf2
<common> <6>[ 1796.109002] ok 27 - kfree_via_page
<common> <6>[ 1796.119444] ok 28 - kfree_via_phys
<common> <3>[ 1796.131855] ==================================================================
<common> <3>[ 1796.133533] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xe0/0x250
<common> <3>[ 1796.135097] Read of size 1 at addr ffff00000e2e90c8 by task kunit_try_catch/283
<common> <3>[ 1796.136464]
<common> <3>[ 1796.137038] CPU: 0 PID: 283 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <3>[ 1796.138611] Hardware name: linux,dummy-virt (DT)
<common> <3>[ 1796.139574] Call trace:
<common> <3>[ 1796.140266] dump_backtrace+0xb8/0x130
<common> <3>[ 1796.141445] show_stack+0x20/0x60
<common> <3>[ 1796.142370] dump_stack_lvl+0x8c/0xb8
<common> <3>[ 1796.143527] print_report+0x2e4/0x620
<common> <3>[ 1796.144563] kasan_report+0xa8/0x1dc
<common> <3>[ 1796.145738] __asan_load1+0x88/0xb0
<common> <3>[ 1796.146757] kmem_cache_oob+0xe0/0x250
<common> <3>[ 1796.147912] kunit_try_run_case+0x8c/0x124
<common> <3>[ 1796.148997] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <3>[ 1796.150423] kthread+0x160/0x170
<common> <3>[ 1796.151388] ret_from_fork+0x10/0x20
<common> <3>[ 1796.152385]
<common> <3>[ 1796.152828] Allocated by task 283:
<common> <4>[ 1796.153819] kasan_save_stack+0x2c/0x5c
<common> <4>[ 1796.155188] __kasan_slab_alloc+0xc0/0xd0
<common> <4>[ 1796.157130] kmem_cache_alloc+0x180/0x3a0
<common> <4>[ 1796.158259] kmem_cache_oob+0xbc/0x250
<common> <4>[ 1796.160568] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.161728] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.162997] kthread+0x160/0x170
<common> <4>[ 1796.163929] ret_from_fork+0x10/0x20
<common> <3>[ 1796.165044]
<common> <3>[ 1796.167053] The buggy address belongs to the object at ffff00000e2e9000
<common> <3>[ 1796.167053] which belongs to the cache test_cache of size 200
<common> <3>[ 1796.168981] The buggy address is located 0 bytes to the right of
<common> <3>[ 1796.168981] 200-byte region [ffff00000e2e9000, ffff00000e2e90c8)
<common> <3>[ 1796.170825]
<common> <3>[ 1796.171355] The buggy address belongs to the physical page:
<common> <4>[ 1796.172346] page:000000003ac1b269 refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x4e2e9
<common> <4>[ 1796.175377] flags: 0x3fffc0000000200(slab|node=0|zone=0|lastcpupid=0xffff)
<common> <4>[ 1796.176978] raw: 03fffc0000000200 0000000000000000 dead000000000122 ffff00000759be00
<common> <4>[ 1796.178294] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
<common> <4>[ 1796.179592] page dumped because: kasan: bad access detected
<common> <3>[ 1796.180626]
<common> <3>[ 1796.181197] Memory state around the buggy address:
<common> <3>[ 1796.183724] ffff00000e2e8f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
<common> <3>[ 1796.184952] ffff00000e2e9000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
<common> <3>[ 1796.186310] >ffff00000e2e9080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
<common> <3>[ 1796.187604] ^
<common> <3>[ 1796.188633] ffff00000e2e9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.191686] ffff00000e2e9180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
<common> <3>[ 1796.192842] ==================================================================
<common> <6>[ 1796.219525] ok 29 - kmem_cache_oob
<common> <1>[ 1796.227625] Unable to handle kernel paging request at virtual address dead0000000000c2
<common> <1>[ 1796.232172] Mem abort info:
<common> <1>[ 1796.233183] ESR = 0x0000000096000004
<common> <1>[ 1796.236146] EC = 0x25: DABT (current EL), IL = 32 bits
<common> <1>[ 1796.240846] SET = 0, FnV = 0
<common> <1>[ 1796.243243] EA = 0, S1PTW = 0
<common> <1>[ 1796.244314] FSC = 0x04: level 0 translation fault
<common> <1>[ 1796.247460] Data abort info:
<common> <1>[ 1796.248719] ISV = 0, ISS = 0x00000004
<common> <1>[ 1796.251536] CM = 0, WnR = 0
<common> <1>[ 1796.252357] [dead0000000000c2] address between user and kernel address ranges
<common> <0>[ 1796.256274] Internal error: Oops: 96000004 [#1] PREEMPT SMP
<common> <4>[ 1796.257789] Modules linked in:
<common> <4>[ 1796.258667] CPU: 0 PID: 284 Comm: kunit_try_catch Tainted: G B W 5.19.13-rc1 #1
<common> <4>[ 1796.260117] Hardware name: linux,dummy-virt (DT)
<common> <4>[ 1796.261058] pstate: 80400005 (Nzcv daif +PAN -UAO -TCO -DIT -SSBS BTYPE=--)
<common> <4>[ 1796.263815] pc : find_mergeable+0x108/0x1dc
<common> <4>[ 1796.265047] lr : find_mergeable+0x110/0x1dc
<common> <4>[ 1796.266146] sp : ffff8000088b7c50
<common> <4>[ 1796.266960] x29: ffff8000088b7c50 x28: 0000000000000000 x27: 000000000000011b
<common> <4>[ 1796.268640] x26: ffffb5ed1da38220 x25: ffffb5ed1ecf5800 x24: 000000000402c000
<common> <4>[ 1796.271606] x23: 0000000000a90c00 x22: 0000000004000000 x21: 00000000fffffff8
<common> <4>[ 1796.273241] x20: 00000000000000c8 x19: dead0000000000ba x18: 0000000010ac2324
<common> <4>[ 1796.274904] x17: 0000000000000000 x16: 0000000000000000 x15: 00000000000c8000
<common> <4>[ 1796.276554] x14: 00000000000c8000 x13: 6461657268745f68 x12: ffff700001116f95
<common> <4>[ 1796.279510] x11: 1ffff00001116f94 x10: ffff700001116f94 x9 : ffffb5ed18df9378
<common> <4>[ 1796.281188] x8 : ffff8000088b7ca7 x7 : 0000000000000001 x6 : ffff700001116f94
<common> <4>[ 1796.282856] x5 : 0000000000000000 x4 : 0000000000000002 x3 : 0000000000000000
<common> <4>[ 1796.284463] x2 : 0000000000000000 x1 : 0000000000000000 x0 : 0000000000000108
<common> <4>[ 1796.287497] Call trace:
<common> <4>[ 1796.288400] find_mergeable+0x108/0x1dc
<common> <4>[ 1796.289619] __kmem_cache_alias+0x38/0xc0
<common> <4>[ 1796.290624] kmem_cache_create_usercopy+0x130/0x2bc
<common> <4>[ 1796.291862] kmem_cache_create+0x24/0x30
<common> <4>[ 1796.293027] kmem_cache_accounted+0x90/0x160
<common> <4>[ 1796.295491] kunit_try_run_case+0x8c/0x124
<common> <4>[ 1796.296677] kunit_generic_run_threadfn_adapter+0x38/0x54
<common> <4>[ 1796.298432] kthread+0x160/0x170
<common> <4>[ 1796.299499] ret_from_fork+0x10/0x20
<common> <0>[ 1796.301148] Code: eb1a003f 54000480 39400321 35ffff61 (b9400a7b)
<common> <4>[ 1796.303569] ---[ end trace 0000000000000000 ]---
poweroff